In what seemed to be a perpetual tribute to millennials this year, brands across all industries put on their Sunday best for Super Bowl Sunday, hoping to go viral.
There were several frontrunners for best commercial, including funny spots from Uber Eats and Turbo Tax, and my personal favorite: the return of Dr. Evil to promote General Motors. But it is the Coinbase commercial that is being talked about the most in security circles—and for all the wrong reasons.
The Coinbase ad featured a QR code that changed colors as it moved all over the screen, a callback to the DVD screensaver (or, for fans of The Office, the conference cold open). Once scanned, the QR code led viewers to an offer: $15 in BTC for new customers who join Coinbase by February 15, 2022, or a $3 million giveaway for existing customers.
The ad was wildly popular with viewers, so much so that it sent the Coinbase app crashing almost immediately. While the advertising agency behind the commercial had to be ecstatic about the response, security professionals everywhere were cringing, and for good reason.
First, the logic behind the commercial reinforced one of the key behaviors security professionals warn about: blindly clicking. We all know by now that you should never click on a link you aren’t 100% sure about, and scanning a floating QR code is the same thing.
Nobody viewing the commercial knew where the QR code went until the Coinbase logo appeared at the very end, yet plenty of curious viewers scanned it anyway. And even though some Android and iOS devices offer preview links when scanning QR codes, users don’t know where they are really going until they click, and the destination for “mystery links” is usually a place they don’t want themselves, their computers or their information to be.
Second, it’s easy for scammers to imitate a legitimate site with a malicious one and use a QR code to lure users into visiting it. Then, the imposter site can be used for phishing, data theft and other malicious purposes. If you imagine an imposter site mimicking Coinbase, you can understand the type of personal and financial information being entered under the pretense of a promotional offer.
“Many individuals are not aware that [QR] codes are being spoofed by cybercriminals and woven with malware or malicious URLs in hopes of opening the door to sensitive data,” said Lisa Plaggemier, Interim Executive Director of the National Cybersecurity Alliance. “However, for all of the talk about the negative impacts of the Coinbase ad from a cyber perspective, the ad also stands to do a bit of good as well by raising the profile of the QR code security conversation in a way that it frankly hasn’t been yet.”
QR codes have made something of a comeback since COVID-19, especially in the restaurant industry, and the FBI recently issued an alert (Alert I-011822-PSA) to raise public awareness of malicious QR codes being used by cyber criminals to steal victim funds. The alert echoes the concerns raised by the Coinbase commercial.
Oh, and if you’re wondering how many people scanned the ad when it aired… reportedly more than 20 million.
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit f5n0.hadeslo.com/cybersecurity or contact the team at cybersecurity@hadeslo.com.
In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.