Attagging is an exploit whereby a user of a smartphone scans a QR code which translates into a malicious URL – which then takes the user to a webpage which usually has a link on it to do something dubious.
Attagging is derived from the words Attack and Tagging – “using QR codes to point to an evil server running metasploit to “attag” a target”
If you don’t know what a QR code is yet, don’t worry you can find out more on QR-CodeScanner.com - it’s basically a “barcode” made of black and white squares..
An example of a dubious QR code
But if I only use codes from advetisers I trust it should be safe?
In theory, yes, but there are cases where stickers have been placed over the original QR code, eg on a billboard etc.
Even if the QR code takes you to a suspicious URL, the key is to not click on any links.
‘QRjacking’ aka ‘Pharming’
The practice of putting stickers over existing QR codes which link to wherever the attacker wants the victim to go to.
Keep your wits about you, you never know when you could be the victim of attaging!