QR codes are everywhere these days: on restaurant menus, in shops, and on flyers and posters. They are convenient and easy to use, and you can scan them with your smartphone camera to go to a website, a coupon, a video or some other online content.
With the rise in their popularity comes an unfortunate dark side, as cybercriminals are exploiting this technology for nefarious purposes. Scammers create fake QR codes that can steal your personal information, infect your device with malware or trick you into paying money. As such, it is crucial to exercise caution when scanning any QR code. This blog article highlights the potential dangers lurking behind those seemingly innocent square patterns.
The QR Code Re-emergence
QR codes were originally designed in 1994 by a subsidiary of Toyota for tracking automotive parts. They have experienced a renaissance in recent years and are now used as a form of marketing. They offer the convenience of instant access to information by simply scanning a code. Unfortunately, cybercriminals are quick to adapt and a new phishing scam has emerged, exploiting the trust we place in QR codes.
How the Scam Works
The scammer prints out a fake QR code and places it over a legitimate one. For example, they might stick it on a poster that advertises a product discount or a movie. People then scan the fake QR code, thinking it's legitimate, and are redirected to a phishing website. From here one of a few things may happen:
- A site may ask you to enter sensitive data such as your credit card details, login credentials or other personal information.
- You may be prompted to download a malicious app that contains malware that can do one or more of the following:
  - Encrypt your data until a ransom is paid.
  - Spy on your activity.
  - Access your contacts and steal their details and/or send them emails.
  - Access your copy/paste history.
- You may be directed to a payment page that charges you a fee for something supposedly free.
Here are some tactics to watch out for.
Malware Distribution
Some malicious QR codes start downloads of malware onto the user’s device. This can result in unauthorized access to personal data and potential damage to the device’s functionality.
Malicious Codes Concealed
Cybercriminals tamper with legitimate QR codes. They often place a fake QR code sticker over a real one; the fake code embeds malicious content or redirects users to fraudulent websites.
Fake Promotions and Contests
Scammers often use QR codes to lure users into fake promotions or contests. When users scan the code, it directs them to a counterfeit website which then prompts them to provide personal and / or financial information. This can lead to potential identity theft or financial fraud.
Tips for Safe QR Code Scanning
Verify the Source
Always be cautious when scanning QR codes from unknown or untrusted sources. Verify the legitimacy of the code and its source. This is especially true if it prompts you to enter personal information.
Use a QR Code Scanner App
Consider using a dedicated QR code scanner application rather than the default camera app on your device. Some third-party apps provide extra security features to check the code and website reputation.
Inspect the URL Before Clicking
Before visiting the prompted website, review the URL and make sure it matches the legitimate website of the organisation it claims to belong to.
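One way to carry out this check on the text a scanner decodes from a QR code, shown as an added example that is not part of the original article. The function name check_qr_url, the expected domain example-cafe.test and the sample URLs are made up for illustration, and the checks for an '@' in the address, a raw IP address and lookalike letters go slightly beyond the plain comparison described above.

```python
import ipaddress
from urllib.parse import urlsplit


def check_qr_url(payload, expected_domain):
    """Return warnings for a URL decoded from a QR code (empty list = matches)."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ["not a parseable URL"]
    warnings = []
    if parts.scheme.lower() != "https":
        warnings.append(f"scheme is {parts.scheme or 'missing'}, not https")
    if not host:
        return warnings + ["no host name in URL"]
    # Anything before '@' is login info, not the site: https://shop@other-host/
    if parts.username is not None:
        warnings.append(f"text before '@' is not the site; real host is {host}")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass  # a normal host name
    # Lookalike letters show up as non-ASCII text or as xn-- labels.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        warnings.append("host contains non-ASCII or punycode (xn--) labels")
    # Compare whole labels from the right, so that
    # example-cafe.test.promo.example does not pass as example-cafe.test.
    expected = expected_domain.lower().rstrip(".")
    if host != expected and not host.endswith("." + expected):
        warnings.append(f"host {host} is not {expected} or a subdomain of it")
    return warnings


if __name__ == "__main__":
    # Constructed sample payloads using reserved test names and addresses.
    samples = [
        "https://example-cafe.test/menu",
        "https://example-cafe.test.promo.example/menu",
        "https://example-cafe.test@203.0.113.7/menu",
        "http://example-cafe.test/menu",
    ]
    for url in samples:
        print(url, "->", check_qr_url(url, "example-cafe.test") or "OK")
```

The expected domain should come from somewhere other than the QR code itself, such as the organisation's printed material or a bookmark you already trust.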
Avoid Scanning Suspicious Codes
As with anything, trust your instincts. If a QR code looks suspicious, don’t scan it. Scammers often rely on users’ curiosity so be careful when scanning QR codes that you see in public places. Don’t scan them if they look suspicious, damaged, or tampered with. Exercising caution is better than being sorry.
Update Your Device and Apps
Keep your device’s operating system and QR code scanning apps up to date. Regular updates often include security patches that protect against known vulnerabilities.
Be Wary of Websites Accessed via QR Code
Be careful entering any personal information on a website that you accessed through a QR code. This includes things like your address, credit card details, login information, etc. Do not pay any money or make any donations through a QR code; only use trusted and secure payment methods.
Contact Us About Phishing Resistant Security Solutions
QR codes can be useful and fun, but they can also be dangerous if you are not careful. This scam falls under the umbrella of phishing. Always scan QR codes with caution to protect yourself from scammers who want to take advantage of your curiosity.
QR code phishing is one of the most dangerous modern risks for individuals and organisations. If you need help ensuring your devices are phishing resistant, please contact us.