Stop scanning QR Codes!

We are used to seeing QR everywhere.

When we rent an e-bike we scan a QR code. In stores, we can scan the code to make a payment. Alongside city landmarks, there are codes that provide information about the area’s history.

So it’s no wonder that over 20 million people blissfully scanned the QR code that appeared on a 60-second ad during Super Bowl 2022, not knowing what it was or what would happen after they scanned it.

While there is nothing wrong with QR technology itself, we are way too trusting and this is the exact opportunity scammers look for.  

QR codes are useful but are open to scams, data sharing where you don’t want it, malware, and phishing attacks – even the FBI is warning people to stop scanning QR codes!

How can QR codes be used for evil by scammers?

What we don’t realize is that QR Codes can be used for more than just opening a website.

QR codes can initiate various actions on your phone which can be abused by scammers.

QR codes carry risks on the following platforms:

Website: Scanning a QR code can take you to a phishing website or a site that has malware or dodgy content.

If you don’t examine the URL of the website, you may not detect that there is a misspelling or a variation of the official domain and you did in fact land on a phishing site.

In the Super Bowl ad case, the QR code was above board. When scanned, the code took viewers to the Coinbase website at the Coinbase.com domain. Scammers can quickly set up a website that looks identical to the Coinbase site and register a domain that is very similar, such as Coinbase.app or CoinbasePromo.com.

Email: If you scan an email QR code, it will create a new email, address it and even write the email for you. The message in the email could encourage you to send the email “in order to activate your account” or “in order to verify that you are the email owner”. 

Once a scammer has your email, they know you are a motivated target and can use techniques to encourage you to sign up to fake websites in order to steal your information.

SMS message: If you scan this QR code, it will create a new SMS text message and pre-populate the number and the text encouraging you to send it. A scammer now has access to your cell number and starts spamming you. 

Social media: A QR code can post on your social media. For example, a code could lead you to create a new tweet that you can post with links for your followers to get tricked too.

Other uses: It can also be used to follow accounts, which could lead to a DM where social engineering techniques are used to get you to part with your info or even install software on your computer.

QR codes can also add new contacts to your phone, insert calendar events, download apps from the app store, and even share your WiFi’s password.

How to be QR code-savvy:

  • Treat a QR code like a link in an unknown email. Be careful and check the email.
  • Instead of downloading an app from a QR code, get it from the app store. 
  • If a code takes you to a site, check the URL, but if in doubt, go to that organization’s website manually.
  • Look out for any QR code that has been tampered with or pasted on top of another one.
  • Be very cautious of sharing any information such as your location and contact details via a QR code unless you have verified that you’re on a safe platform. 
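To make the "check before you act" advice concrete, here is an added example (not from the original article) that takes the text decoded from a QR code, reports which action it would trigger, and compares a website link against the domain you expected. The prefix table lists commonly used QR payload conventions, the function names are hypothetical, and the sample payloads are constructed using the domains the article mentions.

```python
from urllib.parse import urlsplit

# Payload prefixes commonly seen in QR codes, mapped to the action a phone offers.
ACTIONS = [
    ("mailto:", "compose email"), ("matmsg:", "compose email"),
    ("sms:", "compose SMS"), ("smsto:", "compose SMS"),
    ("tel:", "dial number"),
    ("wifi:", "join Wi-Fi network"),
    ("begin:vcard", "add contact"), ("mecard:", "add contact"),
    ("begin:vevent", "add calendar event"), ("begin:vcalendar", "add calendar event"),
    ("market:", "open app store"),
    ("http://", "open website"), ("https://", "open website"),
]

def classify(payload):
    """Return the action a decoded QR payload would trigger."""
    lowered = payload.strip().lower()
    for prefix, action in ACTIONS:
        if lowered.startswith(prefix):
            return action
    return "plain text"

def check_host(url, official_domain):
    """Return 'official', 'lookalike' (brand reused on another domain) or 'unrelated'."""
    host = (urlsplit(url.strip()).hostname or "").rstrip(".")
    official = official_domain.lower()
    if host == official or host.endswith("." + official):
        return "official"
    brand = official.split(".")[0]  # e.g. "coinbase" from "coinbase.com"
    return "lookalike" if brand in host else "unrelated"

def inspect_payload(payload, official_domain):
    """Summarise what a scanned code wants to do before acting on it."""
    action = classify(payload)
    verdict = check_host(payload, official_domain) if action == "open website" else None
    return action, verdict

# Constructed sample payloads, using the domains named in the article.
SAMPLES = [
    "https://www.coinbase.com/",
    "https://coinbasepromo.com/claim",
    "mailto:verify@example.test?subject=Activate&body=Please%20activate%20my%20account",
    "SMSTO:+15550100:YES",
    "WIFI:T:WPA;S:CafeGuest;P:example-pass;;",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_payload(sample, "coinbase.com"), sample)
```

The brand-name match is a simple heuristic: it catches names like the two in the article but not misspellings, so a "lookalike" or "unrelated" verdict is a prompt to go to the organization's site manually rather than proof either way.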

Also, check out how WhatsApp uses QR code to secure messages

Liron Segev - TheTechieGuy

Liron Segev is an award-winning tech blogger, YouTube strategist, and Podcaster. He helps brands tell their stories in an engaging way that non-techies can relate to. He also drinks way too much coffee! @Liron_Segev on Twitter