In case you feel that you have been playing it quite safe, and want to spice up your Monday evening by having some information taken from you, consider looking into different QR codes you find online!
All jokes aside, Quick Response (QR) codes are square-looking barcodes that are easily machine-readable, which makes them very useful for storing data and being accessed fairly quickly. Especially in the COVID-19 haunted world we presently live in, these QR codes are being used to help trace coronavirus exposure and slow the spread of the virus. It can hold personal information too, such as vaccination records. The technology behind it helps make interactions contactless. It makes our lives easier, and unfortunately, this includes wonderful and persistent scammers.
Here is an example of a QR code:
Looks fairly simple, confusing, and innocent at the same time.
If you ever want to learn how to create a QR code, here is a link that may interest you:
https://blog.hubspot.com/blog/tabid/6307/bid/29449/how-to-create-a-qr-code-in-4-quick-steps.aspx
How are they using QR codes unethically?
Well, scammers tend to find their ways, but they are essentially directing QR code scans to malicious sites to receive payment, steal data and/or gain access to the victim’s device. A real-life example could involve posting fake QR codes on a parking meter and attempting to intercept the payment.
The tricky part is that it’s often difficult to determine whether or not a QR code is legitimate. Unless you are tech-savvy, some websites that a code may direct you too, could definitely look real, even if a cybercriminal is behind it.
Now, you might be saying “ I hear you, but what should people do?”
First of all, bonus points for those of you who were actually thinking about how to protect yourself, friends and family. There are a few steps and situations to think about when dealing with QR codes. Here are a few:
- Whenever you scan a QR code, make sure the URL is the intended site and looks real. For example, if you see a site that contains “www.I.am/going/2/hack/you.com”, I would probably assume that is not safe
- If you are about to scan a QR code and notice that it is actually a sticker, covering up another QR code, be extra cautious!
- Do not download apps from a QR code. You should use your phone’s default app store instead.
- Be extra careful when doing any payments with QR codes. This includes making sure you have the correct site and the information you are typing is accurate. This one is probably a given for everyone…probably.
Quick Response, or QR codes are quick, convenient and efficient ways to store some data and has been especially prevalent in today’s pandemic world, where the more “contactless” we can get, the better. However, there are definitely some malicious ways these can be used, so it is always crucial to think about where you are being taken to, anytime you hover your phone to scan!
If any of you would like to discuss QR codes and/or some of the content above, please comment below! Thank you for reading.
References:
https://www.ic3.gov/Media/Y2022/PSA220118
https://www.kaspersky.com/resource-center/definitions/what-is-a-qr-code-how-to-scan
https://www.freetech4teachers.com/2017/09/how-to-create-qr-code-for-google-form.html
I’ve been seeing these all over the internet as a trend recently, especially on Instagram. I think it started out pretty innocently leading to URLs for rick-rolls and such, but I’ve definitely heard a few have been legitimate viruses or other disruptive malware. Definitely be careful what you’re scanning, both online and in real life. Good post, and good advice!
Thank you Matt!
This is just to show how easy it is for people to be taken to the wrong site with QR codes. Although some of it is for comedic purposes, people need to consider those as warnings!
Hello,
Me and one of my friend actually had an incident like this! We came back to a car after eating from a restaurant, there was a qr code and we have thought it was a ticket for parking the car for too long. Since it was our first time getting a ticket, we have thought this was an interesting way of the government receiving our fine! As you have recommended us, I have checked the URL of the website it have lead us, but it turns out the URL was completely different from the cities fine paying webiste, so I have realized this was some kind of scam! I learned a lesson to check the URL everytime when QR code leads to somewhere suspicious!
Hi Eric,
Thanks for discussing.
I really appreciate the example here because it highlights the fact that it can really happen to anyone, even if people try to avoid it. I am glad that you were able to notice that the URL does not belong here. This simply shows how much knowledge can do for you when it comes to security! If you two didn’t notice that small detail, things could have gone bad.
You have a very interesting point here. Well it might seem easy that if we do this this, we wont be scammed. But let’s think about someone working at a mall checking QR codes of probably hundreds to thousands of people. It is not easy for him to look for tiny little details and as a user of QR I can also say that it is very difficult to differentiate as the random marks on QR doesn’t make sense.
Thanks for discussing Shahriar!
I do agree that even by taking precautions, a scam can still occur. Just learning about precautions helps reduce the likelihood. Also, your real-life example is very interesting and prevalent. Who knows if any customer comes in with a fake QR code. Perhaps, and I am not sure, but perhaps the device they use to scan QR codes might be suitable for these circumstances. That is, unless the user of the device does something out of their job duty(like logging into somewhere suspicious, or making payments with company device), they are likely on the safe size. Nonetheless, it can really happen to anyone in any situation so it is important to consider.
Thanks Rahat for this post!
At the end of the day, from my point of view I believe that it comes down to the user to take mobile browsing safely and securely. QR codes are now widely used everywhere and scammers do take the best advantage of this. So again, rather than any school, government, legitimate businesses or organizations, it is one way safe to make sure that the
Thanks for the post Rahat!
From my point of view, I think that it eventually comes down to the user to take mobile browsing safely and securely. QR codes are now widely used and obviously, scammers/hackers would be trying to perform phishing through it. So rather than any school, government, legitimate business or organizations, it is better not to scan any unknown QR codes, especially from any ads to download any app, for offers in certain online stores etc.
Thanks for discussing Rajarshi,
It is one of those situations in life that you can’t easily avoid to be “safe” but rather it forces you to gain knowledge about protection and security! You have great simple advice that is easy to follow: not to scan any unknown QR codes.
Great read! I never knew how dangerous QR codes were until reading this, I think a lot of people can easily be fooled by seeing a QR code because naturally our first instinct would be to scan it with our phones, but by not thinking about the consequences of scanning it we can put our information at risk. Also great tips, by taking the extra steps to be more cautious about scanning QR codes we can all protect ourselves and hopefully minimize the number of people getting scammed.
Thanks for discussing Samantha,
I think it’s human nature to go on autopilot when they do something so many times. I bet our first time scanning a QR code took more thought than our 100th time (for example). Unfortunately, whenever we seem to get off guard, bad things can happen. So like you said, it is important to take the extra steps to be more cautious!
This is an interesting read! It’s quite interesting that such common thing like QR codes can so easily be used for malicious purposes, and that one would even have to think twice about scanning them. I can’t say I’ve ever been scammed in any way with a QR code, but the advice on avoiding scams is very helpful and simply put. I definitely think it’s their innocent appearance and people’s natural curiosity that leads them to fall for these scams.
Thanks for discussing Raine,
Something very interesting that you said was it’s innocent appearance. You are exactly right about that. Since all QR codes look very similar to the human eye, you can never really tell which ones are potentially dangerous. Although these posts are not to make everyone paranoid, I am glad that you, and hopefully others, will think now think twice before scanning them,especially some random ones you see in public!
Thank you for the informative post! I’ve indeed been scanning more and more QR codes during times of the pandemic world. It seems like QR codes have grown in popularity with their quick, convenient, and contactless characteristics. Also, I preferred scanning QR codes at restaurants, and stores since it is very quick and efficient. I’ve never really thought about potential fraud or scams whenever I scan QR codes until reading this. Thanks for raising awareness and providing good advice. I will think twice before scanning any QR codes and be extra careful when doing any payments through QR codes.
Thanks for disucssing Seyeon,
The pandemic has definitely shifted more and more people into using QR codes, as a way to perform day-to-day tasks without physical contact. Unfortunately, even though the intentions are good and there is a lot of benefits, there still exists a risk. Seems like every new advancement in technology just opens up a door for a threat.
This is an exceptional article. Scammers come up with new tricks every day, and people are prone to falling for them. It’s incredible that these con artists can utilize QR codes as stickers to obscure other QR codes. I agree with all your suggestions for avoiding QR code frauds, but I’d like to add a couple more. Avoid paying bills with QR codes, and don’t trust QR codes you get in your email.
Nice article! Yes it is always good to double check where QR codes are taking you before you follow the link. Putting up a random QR code somewhere seems like a very easy scam to pull off, so I will always be careful with those.
I can’t help but notice that http://www.I.am/going/2/hack/you.com site that you mentioned is a clickable link, I wonder how many readers clicked on it hahahaha.
Hi Sebastian,
Thanks for discussing. It is good that you took out that people should double check where QR codes are taking you. If you know what site you plan to head towards, ensure that the QR code is actually taking you there.
I do wonder the same thing. I’m sure I got a few other students clicking the link out of curiosity!
The list of tools in the scammers toolbelt seems to be getting endless long. This one is worse than most because I think it’s significantly harder to identify for many people. Getting a email from an address that looks like a hashed password is obviously a scam, but in my experience most QR code scanners usually just take you straight to the web address, at least, when using 3rd party apps to accomplish the task. My newest Android phone comes included with a QR scanner that warns me of what address I’m being sent to before it actually happens. I can’t speak to Apple devices but I hope it’s the same for them. Hopefully as these codes become more integrated with our day to day lives more tools are put into place to help spot these types of scams before they happen.
Yeah, I think QR codes scams are extremely important to be aware of especially in today’s society. I agree 100% that it is honestly difficult to know if a QR code is legit, because as you mentioned in your post, it is so easy to make a fake QR code. Actually, the other day, I got a suspicious email containing a QR code. The email said that I had to scan the QR code to get my health records. That threw me off because I can just go on the AHS website to get it if need be you know? I want to add another tip when dealing with QR codes: Don’t download a QR code scanner app as most smart phones have a built in scanner in their camera.
Yeah, I think QR codes scams are extremely important to be aware of especially in today’s society. I agree 100% that it is honestly difficult to know if a QR code is legit, because as you mentioned in your post, it is so easy to make a fake QR code. Actually, the other day, I got a suspicious email containing a QR code. The email said that I had to scan the QR code to get my health records. That threw me off because I can just go on the AHS website to get it if need be you know?
I want to add another tip when dealing with QR codes: Don’t download a QR code scanner app as most smart phones have a built in scanner in their camera.
Hi Hailey,
Thanks for discussing. The fact that QR codes are very hard to distinguish makes it a serious threat. It is good that the suspicious email threw you off, because it might not be that suspicious to someone who isn’t aware of this issue. Thanks f0r your tip, I haven’t thought of that before!
Interesting article! I had not really considered the ways that QR codes could be leveraged in cybersecurity attacks. This is especially troubling since some QR code reader apps enter a website immediately after a code is scanned. If an attack chain leveraged a critical web browser vulnerability that only required the target to visit the exploiting website, one could be attacked without even having the chance to mitigate the risk!
Very interesting article as I was not aware of these QR code scams. I agree that it can be very difficult to tell whether a QR code is legit or it is part of a scam. I would say to never trust a QR code when doing anything related to personal information(payments/banking/etc). Avoiding all QR codes would completely mitigate the risk of being scammed in this effortless way.
The introduction to this article made me laugh. I can definitely understand how easy it may be to fall for one of these scams—people prefer convenience. Rather than manually searching online for a particular website or information, it would be much quicker to simply scan a QR code that directly brings you to the designated page. I tend to scan QR codes because of this, but this article has brought the possibility of QR scams to my attention, and was very informative. I will definitely be more cautious because of this!
Very interesting article, I’ve seen quite a bit around this topic recently. People who aren’t very tech-savvy are definitely the most susceptible as they haven’t even conceived the idea that there could be a malicious intent. I think it’s important that we educate individuals more around security as the internet continues to grow. I also think it’s especially important that we educate those who have been introduced to such technologies later in life as they haven’t been exposed to such dangers that those growing up around these technologies have.
A very interesting and informative article to read! I have never thought of that scam before either heard about it!! Personally I always scan QR codes if I want to join an event or do anything because I always feel its much quicker that entering manually all the details or searching by myself. After reading this article, I would be extra cautious! Thanks for that post!!
Great post Rahat!
Really enjoyed the topic since I interact with such codes on a daily basis and always wanted to know more in-depth about these. After coming to Canada, I have realized how much more common they are in this country, and how much more prominent they have become during the pandemic to provide a contactless experience for customers. Whether it be at a restaurant to check the menu, using a soda machine to dispense soda without touching the handles or to easily following someone’s social media account by scanning their QR codes generated by the apps such as messenger or Snapcash, QR codes have become an integral part of our lives. But given how many people may have harmful intent and create false QR codes and paste them at public spaces, my personal go-to strategy is to only scan QR codes at locations or institutions whose security gives me reassurance such as restaurant tables to view menus instead of random QR codes posted on the wall. It might not be the most full-proof plan but I assume it is something that will help me keep safe.
Interesting topic!
A few years ago there was a QR code scam on OLX.where a buyer asks you to scan a QR code in order to send money and then he robs you of your money. It works in the same way that entering your login details on a banking scam site does. Scammers utilized social engineering to induce victims to scan the QR code with their own phones. By doing so, the victims enabled the scammer’s access to their banking environment’s login credentials.
Great post!
In my home country, since 2014, people began to prefer to pay electronically, and almost no payment by card or cash. They began to pay for almost everything by using their cellphone cameras to scan the QR codes. As a result, there are so many scams about QR codes like what you introduced in your blog happening every year in my home country. Since people in my home country always use the Alipay app or WeChat app to scan the QR codes, the owner companies of these two apps added some “Anti-Scam” functions in their apps. For example, If I used the Alipay app to scan a scam QR code, then the app would warn me this is a scam, sometimes it would stop the payment process automatically. I think this is a good way to prevent people from being scammed by some “fake” QR codes. However, for creating this kind of functions (or tools), the technology companies or governments always need to spend so much money to build large databases to record all these current existing “fake” QR codes and the corresponding scam websites. Thus, I think the best way to prevent ourselves from being scammed by those “fake” QR codes is trying to learn some technical knowledge about how to identify if the QR codes are “fake” or not.
Hi Peisong,
Thanks for discussing. Very interesting comments there. It looks like moving towards electronic payment methods are not exactly as safe and secure as possibly advertised. It is good that the anti-scam functions exist in the apps, because that will help the security and integrity.
Interesting post! Just out of curiosity, are QR codes only able to link to something (meaning that a potential victim has to then physically click on something for malicious code to execute), or are they able to actually execute functions themselves? Because if they are, then it’s a bit terrifying that people both post malicious QR codes, and also that people will carelessly scan them.