For those who don’t know, it’s where someone takes a QR code like on a poster for a concert and puts a sticker with a different QR code on top to a fake website that looks like the concert website (or a Rick Roll).
The obvious answer is to scratch off the QR code if you notice it’s a sticker, but It’s not always acceptable -or legal- to start damaging stuff to check if it’s real or not. Also what if it’s out of reach on a sign or something?
You can’t put a little text under saying what the website is as a sort of checksum because the vandal can just write their own website under their sticker.
Been thinking for awhile that it’s impossible that foreign spies don’t hang around D.C. just slapping a handful of these out at popular restaurants and watering holes. kill the URLs after 24 hrs and do it again to stay less detected, you’d get something for lateral movement in any given weekend.
I doubt foreign intelligence agencies need to do this and leave physical traces. They’ll just get pegasus from israel’s “NSO Group” and send it to everyone.
You do that when you want Hegseths phone, ASAP, for a few million.
You do this first to see if you can get there ahead of time for $1000.
Or just wait until the next National Security Advisor drunk text you…
“hello sir I am with big newspaper, great time last night, please save contact as big important newspaper guy”