top of page
Search
Writer's pictureHoward Rabb

QR Codes - Why you should be worried about scanning them

While sitting at a restaurant the other day with my wife I watched the table being seated next to me. The group whipped out their cellphones as we all do now since conversation amongst friends is evidently considered quite gauche, and scanned the QR code on the table instead of opening the menus. As an IT professional here in Hamilton focused on security my heart sank. Is it REALLY this easy to hack people? (yes, yes it is by the way)


A person in a suit scanning a QR code because he doesn't care about security
That QR code may not do what you think it does


QR codes are ubiquitous in today's digital landscape, found on restaurant menus, flyers, and posters, both offline and online. They offer a quick and easy way to access links, coupons, videos, and other online content by simply scanning with your smartphone camera. However, with the rise in QR code usage, cybercriminals have found ways to exploit this technology for malicious purposes, posing significant risks to unsuspecting users.


The QR Code Resurgence

Initially designed for tracking automotive parts, QR codes have seen a resurgence as a powerful marketing tool. They provide instant access to information, making them popular in retail, hospitality, and various other industries. Unfortunately, cybercriminals are adapting to this trend, using QR codes in phishing scams to exploit the trust we place in them.


How the Scam Works

Scammers create fake QR codes and place them over legitimate ones on posters, advertisements, or product discounts. When you scan the fake code, it may direct you to a phishing website that asks for sensitive data such as credit card details or login credentials. Alternatively, it could prompt a download of a malicious app containing malware that can spy on your activity, access your contacts, or even lock your device until you pay a ransom. Some fake QR codes may also lead you to a payment page that charges you for something supposedly free.



A totally not stock image of a person scanning a QR code  (Source: Adobe Stock)
Why would you scan a QR code on a bill? You're literally holding the bill!


Malicious QR Code Tactics

Malicious Codes Concealed: Scammers often add fake QR code stickers over real ones, embedding malicious content or redirecting users to fraudulent websites.


Fake Promotions and Contests: Scammers use QR codes to lure users into fake promotions or contests, leading to potential identity theft or financial fraud.


Malware Distribution: Malicious QR codes can initiate malware downloads, compromising your device's security and functionality.


Sticking Them to Sign Posts on a Public Street: Ok. Seriously people. If you're gonna visit a QR code you saw stuck to a bus shelter or sign post maybe you deserve what is coming to you. STOP DOING THIS!!!


Stay Vigilant: Tips for Safe QR Code Scanning


Verify the Source: Be cautious when scanning QR codes from unknown or untrusted sources. Verify the legitimacy of the code and its source, especially if it prompts you to enter personal information.


Use a QR Code Scanner App: Consider using a dedicated QR code scanner app that offers extra security features such as code analysis and website reputation checks.


Inspect the URL Before Clicking: Always review the URL before visiting a website prompted by a QR code to ensure it matches the legitimate website of the organization. Often the URLs will use a link shortener to help the owner of the site track you whether a legitimate restaurant menu, or hacking site.


Avoid Scanning Suspicious Codes: Trust your instincts. If a QR code looks suspicious, refrain from scanning it. Be cautious when scanning codes in public places, especially if they appear damaged or tampered with.


Update Your Device and Apps: Keep your device's operating system and QR code scanning apps up to date to protect against known vulnerabilities.


JUST DON'T DO IT!: I was once in a restaurant that did not supply menus and told me I had to order on their app by clicking on the QR code. I told them this was a terrible idea, super insecure and asked why any intelligent person in Burlington (we were at a restaurant in Burlington at the time) would ever do this. I then looked around the room and saw everyone doing it. (Seriously people, why don't you just leave your doors unlocked and all of your money on the front porch, you're making this too easy!)


Contact Us for Phishing Resistant Security Solutions

While QR codes offer convenience and fun, they also pose risks if not used cautiously. Protect yourself and your business from scammers by staying vigilant. At 256 Solutions, we specialize in phishing-resistant security solutions to safeguard your devices and data. Contact us today to learn more about how we can help secure your business.

Article based on an earlier article from The Technology Press.

0 comments

Comentários


bottom of page