QR codes are essential, but some may hurt you

Popular among modern tech users, QR codes have become essential in transferring large amounts of data by providing an easy and quick way to promote website URLs.

Jinat Jahan Khan

Jinat Jahan Khan

The Daily Star


July 26, 2022

DHAKA – With more dependency on the internet, the cases of online scams are always on the rise. Among different innovative ways to scam people, tricking users through QR codes is a very common scenario. Since the early 2000s, QR codes have been in use, and these are still alive and well. Smartphone cameras can even scan them directly. The continued usefulness of QR codes is due in large part to changes to different marketing channels and new applications for their usage. Popular among modern tech users, QR codes have become essential in transferring large amounts of data by providing an easy and quick way to promote website URLs. However, it bodes to be careful when using QR codes.

What are QR codes?
QR codes or ‘Quick Response’ codes are capable of storing a lot of information and data. They are essentially barcodes that are frequently used to track information about goods and services in a supply chain and in marketing and advertising campaigns.

Interestingly, it does not matter how much information a QR code contains. Once scanned, it will allow the user to access all of its data instantly. Hence, it justifies its name ‘Quick Response’. Even if these codes are efficient and easy to use, we should not overlook the risks and dangers that are associated with using QR codes.

How can some QR codes be dangerous?
QR codes are inherently not risky. However, these codes may contain phishing or malicious URLs or bugs that involve security threats making these codes dangerous. While it is usually safe to use QR codes, there are certain ways your information could be confiscated by a malicious third party. Here are some ways in which QR codes can cause you notable harm.

Phishing scams through QR codes

QR codes are often used in phishing attacks known as QPhishing. In this method, a cyber criminal replaces a legitimate code with a QR code embedded with a phishing website URL, which does not look suspicious at all. Scammers can use catchy lines such as “Scan to win a surprise gift” to exploit your curiosity and steal your information, especially in public places. Such codes can even be deployed in an email to breach your data.

Triggering malware attacks

Cybercriminals may present QR codes embedded with malicious URLs so that whoever scans the code gets infected by the malware. It can harm the users by opening backdoors for more malware attacks or infections, or it can silently steal your confidential information and send them to criminals. Sometimes these malware attacks can be ransomware attacks where cyber criminals hold your data and information hostage for a ransom.

Bugs in QR codes

If there is a bug in a QR code, the bug gets triggered whenever a user points their camera at that code. Hackers may use this bug to exploit the cameras or sensors of users’ smartphones and other devices, redirecting them to various malicious and inappropriate websites. These bugs can also manipulate the genuine URLs within QR codes.

Financial theft

Since QR codes are a popular and efficient way to carry out different transactions and pay bills instantly. Unfortunately, fraudsters can take advantage of such codes to steal money from people. The use of QR codes has increased exponentially after the Covid-19 pandemic, to promote contactless communication and information exchange. Now, these are largely used at shops and restaurants to pay bills, show menu cards or discount offers. However, scammers may replace these legitimate codes, especially in public places, with wrong account details to scam unsuspecting passersby.

How to be safe while using QR codes
Use QR codes only from trustworthy sources

To remain careful, it is best to scan QR codes only from reliable sources. It is highly recommended not to scan any random QR codes that are too exposed or can be found in any usual public place. To ensure that a source is trustworthy, check the website URL and security, such as looking for its SSL certificate.

An SSL certificate refers to a digital certificate that helps authenticate a website’s identity. Here, SSL or Security Sockets Layer is a security protocol. It keeps internet connections secure, ensuring that criminals are prevented from reading and modifying information. If there is a padlock icon next to the URL in the web address, it means that SSL protects the website and it is safe to visit it. Only after being fully confirmed about security measures and trustworthiness, a person should share information or carry out any transaction.

Update the device’s security on a regular basis

Installing and updating your smartphone or any device’s security software patches provide security to all your information and data. Moreover, installing some anti-malware software such as Emsisoft Emergency Kit review, Bitdefender Antivirus Free Edition, AVG AntiVirus Free and Avira Free Security Suite may provide an extra layer of security to your devices from malicious activities and can notify you instantly in case any suspicious activity is found.

Use QR scanners to maintain security

Always use QR scanners that display URLs before opening them instantly. Most third-party scanners have a feature in which they directly display the website after scanning the code. It may seem more convenient and efficient, but it can be dangerous in case it contains some malicious factor. Therefore, it is best to use a built-in QR scanner that generally comes with a smartphone camera. It shows the site link before opening it directly. Thus, the user has the option to close the link before it gets opened if something seems dubious.

Be cautious all the time

When you are about to scan a QR code, check if there is any suspicious frame text, or if the displayed logo or the website URL after scanning seems to be different or tampered with. Pay close attention to detail. If anything seems wrong, it is recommended not to use it and find any different mode to share information and transactions.

scroll to top