A survey of the QR code phishing: the current attacks and countermeasures

Quick response (QR) code gained popularity and has been adapted for various applications such as a pointer to digital information and authentication. While the code gives convenience as a physical pointer to the digital world, it can be manipulated to divert the intended destination of the link to a malicious site. Thus, QR codes can be easily exploited by phishers to launch phishing attacks. Here, the current phishing attacks that utilise the QR code as a vector are surveyed and categorised. The recent countermeasures for such attacks are surveyed as well. It is also found that, current countermeasures are insufficient and face challenges like barcode-in-barcode attacks, high overhead solutions and limited data space in the code. In comparison to the amount of work done in web and email phishing detection, QR code phishing detection still inadequate. This paper hopes to shed light on the recent phishing attacks using QR code and the countermeasures proposed to tackle these attacks.