On Tue, 2 Feb 2021, John Hardin wrote:
On Tue, 2 Feb 2021, RW wrote:
On Tue, 2 Feb 2021 10:47:49 +0100
Valentijn Sessink wrote:
On-list: the only thing in the last QR-code phishing mail I received
that actually makes it a phishing mail is the following part:
<=
DEFANGED_IMG alt=3D"QR Code - Bevestigen aanvraag" style=
=3D"display:block;border:0;outline:none;text-decoration:none;-ms-interpolat=
ion-mode:bicubic" title=3D"QR Code - Bevestigen aanvraag"
src=3D"https://pr=
oxy.duckduckgo.com/iu/?u=3Dhttps://chenoneproduction.s3.ap-southeast-1.amaz=
onaws.com/static/a0fd.png" width=3D"184">
So the QR code is remote. If you fetch it could look like the recipient
read the email, encouraging more spam to that account.
Not if they are retrieving it by bouncing off DDG (or Gargle, or Imgur,
or...)
...assuming of course those sites *host* the image themselves, and don't
just redirect the request elsewhere.
Bill's comment is correct - it's a bad idea to blindly retrieve remote
content.
However: scanning attached and embedded images (and PDFs) for text, and
URIs (bare or QR encoded) to include would potentially be useful.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Are you a mildly tech-literate politico horrified by the level of
ignorance demonstrated by lawmakers gearing up to regulate online
technology they don't even begin to grasp? Cool. Now you have a
tiny glimpse into a day in the life of a gun owner. -- Sean Davis
-----------------------------------------------------------------------
4 days until International Zero Tolerance of FGM Day
