When you scan a QR code, how sure are you that you know exactly where it will take you and what it will do?
QR codes have become a convenient part of everyday life, and most of us will see at least one every day.
But scammers are abusing their convenience by routing you through to malicious websites that can steal your data, process fraudulent transactions, and download malware.
Scan here for a surprise
Quick response codes, better known as QR codes, are typically a collection of pixelated black shapes that, when scanned by a mobile camera, route the user through to a website. These have become an increasingly popular method for providing a menu, paying a bill, or for accessing information.
However, their security isn’t always guaranteed as there is little to stop a scammer from placing their own QR code on top of the legitimate one, and sending you to a spoof website that may appear identical to the one you may have been trying to access.
From here, the website may ask for payment, ask you to download a file containing malware, or steal sensitive information.
QR codes are also increasingly being used within phishing emails, as spam filters are unable to recognize that a QR code could be routed through to a malicious website, allowing it to slip into your inbox unhindered.
As a result of the vulnerabilities posed by QR codes, the US Federal Trade Commission has issued a warning against the use of QR codes, and has issued guidance on staying secure when navigating through a site provided via a QR code.
This guidance includes:
- Ensuring the URL of the website a QR code routes you through is legitimate and does not contain any irregularities from the URL of the page you are expecting to visit, such as a singular misplaced letter.
- Never enter any sensitive information until you are sure the website is legitimate.
- Check QR codes for any sign of tampering which may indicate the QR code has been replaced or covered by a fake one.
- Most mobiles today have the ability to scan QR codes with the default camera, so always be suspicious if a QR code requires a specific QR code scanner provided by a third party.
- There is almost no functionality for embedding a QR code into an email, so always remain alert if you receive an email in this format.
Via ArsTechnica
More from TechRadar Pro
- Cyber attacks against key US infrastructure continue, but this time its China
- Looking to protect your organisation? Here is our guide to the best endpoint protection software
- A whole new kind of Linux malware has been found in the wild