You have no doubt noticed that QR codes—those square blocks of black and white pixels—are ubiquitous, adorning everything from restaurant menus to store products to mall posters. They are a low-cost, easy way for businesses to link consumers to websites, store discounts, promotional campaigns and mobile payments. The problem is, they’re not entirely secure.
QR codes have really come into their own as the preference for contactless transactions has increased during the pandemic. More than one-third of smartphone users have scanned a QR code on a product or at a restaurant or bar over the last year. The problem is most mobile users aren’t aware of the potential risks of QR codes.
Although they can’t easily alter the pixelated dots in the box, hackers are able to embed malicious software in the QR code. The code looks the same, but a hacked QR code can send users to an infected website, where it can trigger a malicious download or capture sensitive information. It can also install malicious software on a smartphone. Once on the smartphone, the malware can wreak havoc. It can:
- Initiate a phone call to the scammer, exposing the victim’s phone number.
- Send and receive text messages to and from the scammer.
- Add a contact listing that can be used to unleash a spear-phishing attack.
- Initiate a payment that would expose the user’s account information.
- Track your location and collect data on your whereabouts.
- Direct your social media accounts to follow the scammer’s accounts to expose your personal information and contacts.
- Add a compromised Wi-Fi network as a preferred network with credentials to automatically connect the device to that network.
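
Several of the actions listed above correspond to payload types that a scanner app can act on directly. As an added example (not part of the original article), this Python code classifies a decoded QR payload and reports what it would do before anything is opened; the prefixes and the link warnings are assumed common conventions, not a complete list, and the sample payloads are constructed.

```python
from urllib.parse import urlsplit

# Assumed common QR payload prefixes (not from the article) and resulting action.
PREFIX_ACTIONS = [
    ("tel:", "place phone call"), ("sms:", "send text message"),
    ("mecard:", "add contact"), ("begin:vcard", "add contact"),
    ("geo:", "open location"), ("wifi:", "join Wi-Fi network"),
]

def parse_wifi(payload):
    """Parse WIFI:T:WPA;S:name;P:secret;; honoring backslash escapes."""
    fields, current, escaped = [], "", False
    for ch in payload[len("WIFI:"):]:
        if escaped:
            current, escaped = current + ch, False
        elif ch == "\\":
            escaped = True
        elif ch == ";":
            fields.append(current)
            current = ""
        else:
            current += ch
    fields.append(current)
    return {f[0].upper(): f[2:] for f in fields if len(f) >= 2 and f[1] == ":"}

def url_warnings(url):
    """Return reasons a web link deserves a second look before opening."""
    parts = urlsplit(url)
    checks = [
        (parts.scheme.lower() == "http", "unencrypted http"),
        (parts.username is not None, "userinfo before host"),
        ("xn--" in (parts.hostname or ""), "punycode hostname"),
    ]
    return [reason for hit, reason in checks if hit]

def classify(payload):
    """Describe what a decoded QR payload would do, without doing it."""
    text = payload.strip()
    for prefix, action in PREFIX_ACTIONS:
        if text.lower().startswith(prefix):
            detail = parse_wifi(text) if prefix == "wifi:" else text[len(prefix):]
            return {"action": action, "detail": detail, "warnings": []}
    if text.lower().startswith(("http://", "https://")):
        return {"action": "open web link", "detail": urlsplit(text).hostname,
                "warnings": url_warnings(text)}
    return {"action": "unrecognized", "detail": text, "warnings": ["unknown type"]}

if __name__ == "__main__":
    print(classify("WIFI:T:WPA;S:Cafe\\;Guest;P:pa55;;"))  # constructed sample
```

Showing the action and the real destination host to the user before acting is the point: a link such as `http://example-bank.test@login.example.net/` displays a familiar name in front of the `@` while the browser actually connects to the host after it.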
Most smartphones have QR code reading capabilities, and sometimes it’s tempting to use them. But, just because you may be able to scan a QR code doesn’t mean you should—at least without considering the possible consequences. Refraining from scanning them is your best defense against scammers, but there are other precautions you can take.
Some financial institutions include their logo inside the QR code similar to the way Alpine Bank does with its code (see below).