Researchers have revealed a new type of spam campaign that appears to be a test run to find out how mobile users will respond to social engineering attempts on their smartphones and tablets.
According to a Tuesday blog post from security firm Websense, the emails look like typical spam trying to hawk male enhancement drugs. However, in this case, they contain a link to a legitimate site -- 2tag.nl -- that generates quick response (QR) codes for URLs.
The link leads to an already-created QR code, which can be scanned by a mobile reader application available in places like the Android Market. After the code is recognized, a URL is loaded that advertises the counterfeit goods, including Viagra and Cialis.
"This is a clear movement and evolution of traditional spammers toward targeting mobile technology," Elad Sharf, a Websense Security Labs researcher, wrote in the blog post.
Patrik Runald, senior manager of security research at Websense, told SCMagazine.com that this is the first time his team has seen QR codes being used in spam. He added that the culprits may be trying out this tactic to see how people respond, with the goal of eventually evolving it to foist malware.