On 2/2/2021 11:34 AM, John Hardin wrote:
On Tue, 2 Feb 2021, John Hardin wrote:

On Tue, 2 Feb 2021, RW wrote:

On Tue, 2 Feb 2021 10:47:49 +0100
Valentijn Sessink wrote:

On-list: the only thing in the last QR-code phishing mail I received
that actually makes it a phishing mail is the following part:

<=
DEFANGED_IMG alt=3D"QR Code - Bevestigen aanvraag" style=
=3D"display:block;border:0;outline:none;text-decoration:none;-ms-interpolat=
ion-mode:bicubic" title=3D"QR Code - Bevestigen aanvraag"
src=3D"https://pr=
oxy.duckduckgo.com/iu/?u=3Dhttps://chenoneproduction.s3.ap-southeast-1.amaz=
onaws.com/static/a0fd.png" width=3D"184">

So the QR code is remote. If you fetch it, it could look like the recipient
read the email, encouraging more spam to that account.

Not if they are retrieving it by bouncing off DDG (or Gargle, or Imgur, or...)

...assuming of course those sites *host* the image themselves, and don't just redirect the request elsewhere.

Bill's comment is correct - it's a bad idea to blindly retrieve remote content.

However: scanning attached and embedded images (and PDFs) for text, and URIs (bare or QR encoded) to include would potentially be useful.



Yes, pre-fetch QR analysis would be useful; sort of like SHORTURL decodes.

Here's some useful Perl with: Barcode::ZBar
Reading QR Codes from Perl - ETOOBUSY (polettix.it) <https://github.polettix.it/ETOOBUSY/2020/01/22/zbar/>
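
An added example, not code from any poster in this thread or from SpamAssassin: a static check that decodes a quoted-printable HTML part, lists remote `<img>` sources, and unwraps a URL carried in a proxy's query string so the real origin host can be evaluated without fetching anything. The sample part, its hosts, and the function names are constructed for illustration.

```python
import quopri
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: quoted-printable HTML with one image referenced through
# an image proxy (placeholder hosts) and one inline cid: image.
SAMPLE_QP = (
    b'<p>Scan to confirm:</p><img alt=3D"QR Code" style=3D"display:block" src=3D"https://pr=\n'
    b'oxy.example/iu/?u=3Dhttps://bucket.example.net/static/a0fd.png" width=3D"184">\n'
    b'<img src=3D"cid:logo@local">\n'
)

class _ImgSrc(HTMLParser):
    """Collect the src attribute of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.srcs += [v for k, v in attrs if k == "src" and v]

def _is_http(url):
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def unwrap(url, max_depth=5):
    """Return [url, inner, ...]: each http(s) URL found in the previous one's query."""
    chain = [url]
    while len(chain) <= max_depth:
        # parse_qsl percent-decodes values, so encoded inner URLs are found too
        inner = [v for _, v in parse_qsl(urlsplit(chain[-1]).query) if _is_http(v)]
        if not inner:
            break
        chain.append(inner[0])
    return chain

def remote_images(qp_bytes):
    """List remote images in a QP-encoded HTML part. No network access is made."""
    html = quopri.decodestring(qp_bytes).decode("utf-8", "replace")
    parser = _ImgSrc()
    parser.feed(html)
    parser.close()
    return [{"src": s, "hosts": [urlsplit(u).hostname for u in unwrap(s)]}
            for s in parser.srcs if _is_http(s)]

if __name__ == "__main__":
    for img in remote_images(SAMPLE_QP):
        print(img["hosts"], img["src"])
```

The last entry in `hosts` is the host that actually serves the image, which is the one to check against reputation lists rather than the proxy in front of it.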

