QR (Quick Response) codes that look like graphic black and white squares have become very popular lately. They can be seen in a magazine, on a TV show, on tickets, business cards, product boxes, websites, etc. In short, they are present on almost everything that we might want to know more about.
QR codes have made it very easy and convenient especially for manufacturing and service companies who want their customers to know more about their products and services, just by scanning the QR code with their Smartphones. A user needs a QR reader app on the Smartphone in order to scan the code. Once the QR code is scanned, user is then directed to online content / website that has information on a product or service.
QR codes that are meant to be a convenient way for brands / companies to provide details to their customers are also a boon to cyber criminals. These codes can be used by scammers to spread malware, steal personal information or for phishing attacks, as they can easily be redirected to a malicious website or application, thus putting your mobile security at risk. For this, scammers only need to go online, create their own QR code and embed a link to a malicious web address. They can then use this code online, or in the form of stickers and place them in public.
As codes typically lead to a website, cyber-criminals use this method to redirect you to malicious websites that ask you to download malicious applications which when downloaded may display your calendar, contacts and credit card information to cyber-criminals. And hence, it then makes it easy for these scammers to get your mailing account and social network account details.
Once this malicious app is downloaded in your Smartphone, it can surreptitiously send spam messages to people on your contact list. This app can even send malicious links to people in your contact list resulting in a Smishing attack. And after sending messages to people, it will leave you with a hefty phone bill.
However, the real danger of these codes is the surprise element. That is, until you scan the code, you will have no way of finding out whether the web address where it redirected is genuine or not.
Experts advise people to stay away from QR codes that are displayed on shops, stalls, walls or even from websites that appear suspicious and only scan codes that are from trusted sources such as the ones that appear on product packaging, TV shows, newspapers or magazines.
Here’s some practical advice on how to spot / avoid malicious QR codes and stay protected from evolving cyber threats:
- Use and maintain anti-virus software, a firewall as well as an anti-spyware software and keep them up-to-date.
- Use a mobile QR code / bar-code scanning app with a URL preview function.
- Do a reality check, before scanning a QR code. Research if the company has come up with a QR campaign.
- Do not scan suspicious codes and links that do not seem to match the information you are looking for. Malicious codes often appear with little or no text.
- Long URLs have already proved to be an excellent USP for phishing syndicates. Hence, be careful if the link is too long and looks suspicious.
- Scammers create malicious codes and stick them in public places. Do not scan QR codes in the form of stickers placed elsewhere.
- After scanning the code, if you are redirected to a website that asks for your details, never provide your personal details and log in information on any such sites as it can be a phishing attempt.
- Android-based Smartphones have become targets of most malicious apps spread via QR codes so be extra cautious if you’re using an Android-based Smartphone. Moreover, always keep your Android browser up-to-date.
Enjoy the convenience of QR codes and at the same time stay protected from potential dangers.