USER SECURITY AGAINST QR CODE-BASED PHISHING ATTACKS IN THE CONTEXT OF CYBERSECURITY THREATS
Year 2025,
Volume: 15 Issue: 30, 296 - 318, 27.12.2025
Mustafa Bilgehan İmamoğlu, Aleyna Ayaz
Abstract
With the rapid development of technology, QR codes have come into widespread use because they give quick access to information. This widespread use, however, also brings many cyber threats with it, above all phishing attacks carried out by malicious actors. This study examines individuals' levels of awareness of phishing attacks that can be carried out through QR codes. In a field study conducted on the campus of Karadeniz Technical University, two different types of QR code poster, one without images and one with images, were placed in areas with high student traffic, and users' motivations for scanning the QR codes and their awareness of phishing attacks were analyzed. The data obtained show that posters supported by visual elements attracted more interest, that most participants had insufficient knowledge about security, and that curiosity played an important role in scanning behavior.