When you scan a QR code, how sure are you about exactly where it will take you and what it will do?
QR codes have become a useful part of everyday life and most of us will see at least one every day.
But scammers take advantage of their convenience by redirecting you to malicious websites that can steal your information, process fraudulent transactions, and download malware.
Scan here for a surprise
Quick response codes, better known as QR codes, are typically a collection of black pixelated shapes that, when scanned by a mobile camera, direct the user to a website. These have become an increasingly popular method of providing a menu, paying a bill or accessing information.
However, their safety is not always guaranteed, as there is little to stop a scammer from superimposing their own QR code on top of the legitimate one and sending you to a fake website that looks identical to the one you may have been trying to access. access.
From here, the website may request payment, ask you to download a file containing malware, or steal sensitive information.
QR codes are also increasingly used in phishing emails, as spam filters cannot recognize that a QR code could be forwarded to a malicious website, allowing it to enter your inbox unhindered.
Due to the vulnerabilities caused by QR codes, the US Federal Trade Commission has issued a warning against the use of QR codes and provided guidance on how to stay safe when navigating a QR code-enabled site. offered.
This guidance includes:
- Guaranteeing the URL of the website that a QR code will take you through is legitimate and will not contain any irregularities from the URL of the page you expect to visit, such as a single misplaced letter.
- Never enter sensitive information until you are sure the website is legitimate.
- Check the QR codes for signs of tampering that could indicate the QR code has been replaced or covered by a fake code.
- Most mobile phones these days have the ability to scan QR codes with the standard camera, so always be wary if a QR code requires a specific third-party QR code scanner.
- There is almost no functionality for embedding a QR code in an email, so always stay alert if you receive an email in this format.
Through ArsTechnica