Quick response codes or QR codes are small barcodes that can be scanned by smartphone cameras.
The codes direct the user to a particular website.
For example, restaurants use QR codes for customers to scan on their phones to read the menu.
About 85% of smartphone users have scanned a QR code at least once. And, 35% of smartphone users scan a QR code at least once a week.
QR codes are used by many organizations for Covid-19 information.
Some health departments use QR codes when checking in patients for vaccinations.
But, one man who doesn’t support vaccination tried to stop this.
Here’s what happened…
When patients used their smartphones to check-in, they scanned a QR code.
But, instead of being checked in, the users were directed to an anti-vaccination website.
Colin D. had gone to the vaccination location and placed his own QR code stickers on top of all the legitimate QR codes.
The victims thought they were scanning a legitimate QR code. But, were directed to another website.
Colin D. was charged with obstructing operations related to vaccines and police said no personal information was compromised.
But if Colin had used a malicious website many people could have been infected with a virus.
In short, this incident could have been much worse.
QR codes have skyrocketed in use since the pandemic because they are a quick, contactless way to share information.
But they also leave a lot of data unprotected.
One of the problems with QR codes is that, by design, they aren’t human-readable.
Which means it’s almost impossible to detect if a QR code is safe by looking at it.
So, before you go scanning another QR code, here are some things you should know, and precautions you should take.
Check the link:
Many QR codes lead to a website.
But, once you scan the QR code you should be able to see the link it’s taking you to.
If the link is a Bit.ly or some other short link you should avoid the website.
Bit.ly is often used by hackers to disguise dangerous URLs.
And if the company is using a QR code they don’t need to use a shortened link.
Most smartphone browsers will allow you to preview a link before going to the website.
So, make sure you do this to see if it is a legitimate website.
No one trusts links:
These days, most internet users understand the risks involved with clicking on links.
So, if you receive an e-mail from someone you don’t know, and it contains a website link, you know not to click on it.
The same goes for attachments in e-mails.
Most folks know not to click on them unless you are 100% sure it is safe to do so.
Which is why hackers are turning to QR codes.
They can send you a code in the regular mail or through e-mail.
One common scam is for college students to receive letters in the mail about how they can reduce their student loan debt.
You should take the same precautions with QR codes that you do with unknown links or attachments.
If you scan a QR code and it asks you to login, this should be huge a red flag.
Hackers will often have a QR code ask you to log into your e-mail or another commonly used website.
Other times, con artists use QR codes to automatically launch payment apps or follow a malicious social media account.
Be suspicious if, after scanning a QR code, a password or login information is needed.
Never give extra information.
This is just a way for them to steal your personal information.
Is it a sticker?
Scammers, like Colin, sometimes cover legitimate QR codes with bad ones.
If you’re at a restaurant, and each table has a QR code linking to the menu, it’s easy to replace the code with a sticker.
The hacker could easily make the QR code appear legitimate to the human eye.
But it could take you to a malicious website where your information is compromised.
The use of QR codes by scammers offers another way to steal personal information or get you to download a virus onto your device.
The thing is, QR code scams can come via an email, a direct message on social media, a text message, a flyer, or a piece of mail that includes the code.
If you use anti-virus software check to see if the company provides a QR scanner with added security.
Some companies offer this and can protect you from fake QR codes.
If you think you are looking at a fake QR code you should take the time to go to the official website for the company or organization you are trying to access.
Taking the extra few moments for due diligence can save you from getting hacked.