Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Spam Emails Link To QR Codes

Posted: 09 Jan 2012 05:48 PM | Elad Sharf


It was just a matter of time, and now it's happening. The Websense® ThreatSeeker® Network has started spotting spam messages that lead to URLs that use embedded QR codes. This is a clear shift by traditional spammers toward targeting mobile technology.


The spam email messages look like traditional pharmaceutical spam emails (image 1) and contain a link to the Web site 2tag.nl, a legitimate Web service that allows users to create QR codes for URLs. Once the 2tag.nl URL from the mail message is loaded in the browser, a QR code is displayed, with the full URL that the QR code resolves to shown on the right (image 2). When the QR code is read by a QR reader, the reader automatically loads the spam URL (or asks before loading, depending on which flavor of QR reader you have installed) (images 3 and 4).
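As an added example (not Websense's code and not part of the original post), here is a mail-filter check for messages like the one described: it pulls links out of the text and HTML parts and reports those hosted on a QR-generator service. The `QR_SERVICES` list, the function names and the sample message are assumptions constructed for illustration; only 2tag.nl comes from the post.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: a locally maintained list of QR-generator hosts; 2tag.nl is from the post.
QR_SERVICES = {"2tag.nl"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message; the paths and the other hosts are made up.
SAMPLE = """\
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Best prices: http://2tag.nl/EXAMPLE1 or http://not2tag.nl/x
--b1
Content-Type: text/html; charset="utf-8"

<a href="http://www.2tag.nl/EXAMPLE2">Best prices</a> <a href="http://example.com/">About</a>
--b1--
"""

class HrefCollector(HTMLParser):  # gathers href values from <a> tags
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_qr_service(url):
    """True if the URL's host is a listed service or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in QR_SERVICES)

def qr_links(raw_email):
    """Return the sorted links in a message that point at a QR-generator service."""
    found = set()
    for part in message_from_string(raw_email).walk():
        ctype = part.get_content_type()
        if ctype in ("text/plain", "text/html"):
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            found.update(URL_RE.findall(body))
            if ctype == "text/html":
                collector = HrefCollector()
                collector.feed(body)
                found.update(collector.hrefs)
    return sorted(u for u in found if is_qr_service(u))
```

Because 2tag.nl is a legitimate service, a hit here is one signal to weigh alongside other spam features rather than a verdict on its own.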


Websense customers have been protected against this attack with ACE, our Advanced Classification Engine.


Image 1 - An example spam email message:


Image 2 - When the URL is loaded in the browser, a QR code appears:



Image 3 - Scanning the QR code with a QR reader loads the pharmaceutical spam URL in the browser:



Image 4 - The loaded URL offers pharmaceutical drugs:

