QR Codes: Convenient, but With a Catch.

You’ve seen them around everywhere: packaging, menus at restaurants or bars, fliers, exhibits, business cards, webpages, the list just keeps going! To say that these pixelated icons of data have revolutionized the way we access information and conduct payments would be an understatement. However, as with any significant technological innovation, there’s a dark side to QR codes that we need to be aware about. In this short post, we’ll explore the many positives, but also ways in which cybercriminals can exploit QR codes for malicious purposes. 


The Plus Side of QR Codes

As most of us already know, QR codes offer a multitude of benefits that enhance our day to day lives. The ability to scan a code using a smartphone camera makes processes such as paying fees or accessing websites way more streamlined and efficient. Beyond convenience, QR codes have gained attention in their role of being completely contactless, eliminating the need for physical interaction. After the introduction of COVID-19, this has aspect become increasingly important as individuals are now concerned about health and hygiene more than ever. Businesses are also able to reduce costs by reducing reliance physical infrastructure, and marketers are able to harness the power of QR codes so that customers to access discounts, product details, or special offers. 


The Dark Side of QR Codes

With technological innovations (QR codes included!), always comes bad actors looking for new ways to prey on unsuspecting victims. Here are some malicious activities you should look out for the next time you think about scanning a QR code: 

Phishing Attacks: Cybercriminals have begun to use QR codes as a way to steal personal information from unsuspecting individuals. Some QR codes, when scanned, lead users to fake websites designed to steal confidential information. Such information includes usernames, passwords, credit card details, and even banking information.  

Malware Distribution: Embedded into some QR Codes are URLs leading to super shady sites. If a user decides to scan the sketchy QR code, an action is triggered that leads to the download or installation of malware onto the user’s device. The type of malware can vary, but some common examples include viruses, ransomware, trojans, and spyware.

Data Collection: Some QR codes are designed to harvest data from the individuals through the use of surveys and user profiling. While nothing malicious seems to happen immediately, the data that is collected is usually sold off to third parties, which can be invasive and intrude on your privacy.

Social Engineering: There have been cases where malicious actors have approached individuals to pay for fees or services that are fake. The bad actor may leverage trust with the individual in an attempt to get them to scan a QR code, which can initiate a monetary transfer, or cause any of the other attacks as we discussed previously. 


How to Protect Yourself From Potential QR Code Threats

  1. Always verify the source of a QR code before scanning it. While it may be enticing to scan an oddly placed QR code on the backside of a street sign, you could unintentionally put your device security at risk along with your confidential information.
  2. Make sure that you are also using a reputable QR scanner application that offers URL validation 
  3. Keep your devices and apps up to date with the latest security patches.

By practicing these precautions, you can harness all of the awesome benefits of QR codes, ensuring a safer and more secure experience. Happy scanning!