Cybercriminals, in addition to other tactics, use QR code fraud.
QR codes are seen almost everywhere today, both on digital platforms (Facebook, Instagram…) as well as on physical ad slots, TV ads and the like. The epidemic has also encouraged their use. European digital COVID certificates are almost exclusively verified via QR codes, as they are faster and more user friendly. The app has spread to other regions as well. Restaurants and cafes have transferred actual menus to square barcodes that we scan with smart devices.
Cybercriminals have also felt that QR codes can be exploited everywhere for malicious purposes. In fact, it’s a smart move, because QR codes, at least in appearance, find it hard to recognize as something malicious.
“Whenever new technology emerges, cybercriminals try to find a way to take advantage of it,” says Angel Grant, Vice President of Security for Application Security F5. Their tactics are most effective if users do not know how a particular technology works. QR codes (short for “Quick Response”) first appeared in 1990 in Japan. Initially, they were used by the automobile industry to manage production, but over time, the technology spread to other areas. Why did cybercriminals take so long to exploit them for their own purposes? They were waiting for the peak of the use of QR technology, which came with the onset of the epidemic.
Cybercriminals have adapted and used the technology for phishing messages. Just scanning a QR code will not infect your device in most cases, but the code will take you to fraudulent websites from which criminals obtain bank accounts, credit card numbers and other personal information. Although classic phishing messages are still the most prevalent form of attack, in the past two years IT experts have noticed a significant increase in the use of QR codes to steal personal data.
People are becoming more aware of obvious signs of fraud due to the growing awareness of phishing attacks. However, when scanning QR codes, many users do not think that it can be a scam at all. In Texas, unprepared people placed stickers containing QR codes on physical parking meters. Instead of redirecting users to an authorized website for parking fees, they were brought to a nearly identical site from which the attackers collected credit card information.
Just as QR codes make it easier for users to buy or browse, so also people who aren’t hard-earned take advantage of QR technology. In the physical world, they can be placed almost anywhere inhabited and just waiting for potential victims. In the digital world, they like to use them because security equipment often doesn’t detect them as malicious devices.
Here are some health tips
- Think before scanning. Be especially careful with QR codes in public places.
- When scanning a QR code, take a closer look at the website that led you to it. If you notice anything suspicious, leave the site immediately.
- Skip QR codes in emails unless the sender is trusted.
- Some newer smartphones allow you to preview the QR code URL. If the web link looks suspicious, don’t use it.