QR Codes are Not as Safe as You Think! You Never Know Where Your Money Will Go
BEWARE! Stop scanning QR codes to make payments! If you don’t stop, you will lose more money.
QR codes appear everywhere these days! The COVID pandemic catapulted QR codes from a semi-niche concept to a virtual requirement. Restaurants and bars use QR codes to provide menus without passing germs, and businesses of all types use QR code scanners to pay for goods and services. Unfortunately, any technology that makes life easier or more convenient for us also makes it easily exposed to cybercrimes and to other greater risks. When used correctly, the QR code is quite cool. Simply point your smartphone’s camera at a QR code, and there will appear a link that you can tap to visit the designated website. The problem is that you don’t even know what the designated website is. You have no idea where the QR code scanners will take you, and you have no way of knowing whether they will take you to a legitimate website or a malicious destination.
I believe everyone understands what a QR code is by now, but just in case, let me provide a brief explanation. A QR code is a square symbol with a distinct pattern, similar to a fancier barcode. QR codes, short for quick response codes, are a type of two-dimensional barcode that contain data, often for a locator, identifier, or tracker. They can be easily read by a smartphone or other device with a camera and converted into useful information for the end-user, such as a URL for a website or an application. QR codes were invented by an automotive company in 1994 to track car components, but their ease of use and larger storage capacity up to 2,500 characters compared to the barcodes 43 have quickly made them popular in global industries.
Do you know where that QR Code will take you?
It was literally just a QR code that bounced around the screen aimlessly for one minute. There was no written text. There was no conversation. There was no music playing while the QR code bounced around and changed colors. QR code received 20 million hits in the first minute, despite the fact that no one knew where it would lead them. Fundamentally, that is the problem. You scan the QR code, and there is an inherent trust that it will point to where you expect it to point, or that it is not malicious. However, research shows how simple it is to take advantage of that trust. If we go over a few scenarios. The one that we believe is most relevant to most people and best illustrates the issue revolves around QR codes in a restaurant or bar setting. Most restaurants and bars have implemented a QR code system for sharing their menus and those QR codes are typically just stickers placed on tables and bar counters. What’s stopping a threat actor from simply slapping a malicious QR code sticker on top of this one?
Think twice before scanning
QR codes aren’t going away anytime soon. They do provide a simple and convenient means of sharing or collecting information. It’s not that businesses or consumers should avoid QR codes entirely. However, they must abandon their inherent trust in QR codes. People should exercise the same caution and vigilance as they would with an unknown link or file attachment in an email.
When it comes to QR codes, do check out these seven safety tips:
1. Please do not scan it.
2. Be patient
3. Carefully examine QR code URLs
4. Look for physical tampering signs.
5. Never use QR codes to download apps.
6. Do not use QR codes to make electronic payments.
7. Enable multi-factor authentication (MFA)
If possible, avoid scanning QR codes, but if you must, keep these 7 tips in mind and think twice before scanning that QR code.