What are QR Codes, and are They Safe to Scan?

What are QR Codes, and are They Safe to Scan?
The Siliconreview
29 November, 2021

QR codes are not a new phenomenon anymore; they are being used widely for various things. You must have seen them placed in the shops for payments or on the posters containing information about companies or events.

However, you may have also noticed some more suspicious QR codes, with no indication as to where they lead. Fraudsters try to deceive people everywhere, and QR codes are only one of their schemes. Nevertheless, researchers have reported attempts to lead users into deceptive websites. In other cases, the intent might be specific. For instance, ZDNet reported malicious QR codes being placed in emails, attempting to steal users’ Microsoft 365 cloud credentials.

Thus, even if these codes are more prominent today, it does not mean that you should scan each of them. Let’s discuss more about this technology and how it might affect you.

What are QR Codes?

The Japanese firm Denso Wave, a Toyota subsidiary, created the first QR code system in 1994 for tracking automobiles. They wanted to have a more precise method of monitoring vehicles and components throughout the manufacturing process. Denso developed a type of barcode that could encode kanji, kana, and alphanumeric characters to accomplish this.

A QR code is basically a series of pixels in a square-shaped grid that can be read by a digital device and contains data as a sequence of pixels. QR codes are frequently employed to keep track of items throughout the supply chain since many smartphones have built-in QR readers, leading to increased use in marketing and advertising campaigns. They've recently played an important role in tracking coronavirus infection.

Moreover, a standard barcode can only be read in one direction – from top to bottom. This implies they may only store a limited amount of data, usually in the form of alphanumeric characters. On the contrary, a QR code can be read both vertically and horizontally. This allows it to contain substantially more information.

Functions of a QR Code

A QR code may contain website URLs, phone numbers, or up to 4,000 characters of text. You can even create a QR code on Google Chrome for every website you visit. QR codes can also be used to:

  • You can add a link that directly takes the user to download an app on the Apple App Store or Google Play.
  • It can be used for online authentication of accounts and to verify login details.
  • You can easily access Wi-Fi by storing encryption details such as SSID, password, and encryption type in QR code.
  • Send and receive payment.

How Scammers Use QR Codes?

QR codes can be used to host malware and steal data from a mobile device when scanned. It's also feasible to embed a malicious URL into a QR code that takes users to a phishing site, where they may provide personal or financial information.

Moreover, attackers can modify a QR code to direct people to an alternate resource without being detected. While many individuals are aware that QR codes may lead to the address of a website, they may be less aware of other possibilities of what QR codes can initiate on their devices.

Aside from launching a website, QR codes can add contacts, compose emails, or initiate payments. This element of surprise makes QR code security dangers even more dangerous.

A typical assault entails distributing fake QR codes in public areas, which sometimes conceal genuine ones. Users who scan the code are redirected to a harmful website that might host an exploit kit, allowing for device compromise or a fake login page to steal user credentials.

Some websites may do drive-by downloads, so simply going there can start an undesirable software download.

Ways to Avoid QR Scams

There are a few crucial steps that you can take when utilizing QR codes or scanning them. Here are some pointers to keep in mind:

  • While scanning a QR code in public, check if the genuine code is there or it has been replaced with a sticker that may take you to harmful online material.
  • Scanning a QR code is an automatic process that opens the URL in your mobile browser. Be aware of any unusual behavior, such as long wait times or website redirects.
  • Be careful when sharing QR codes through email or SMS messaging using unfamiliar sources. If you are uncertain about where the link is coming from and can be trusted, do not scan it with your device.
  • While making payments via QR code, always ensure that you check the recipient's name on the transaction gateway window. This way, you can avoid sending money to any wrong person or scammer.
  • Leave the website immediately if it looks suspicious. You can also use a free VPN tool to protect your connection. Say you get redirected to a website using HTTP instead of HTTPS. A VPN encrypts your connection, preventing anyone from intercepting it.
  • Before scanning a QR code, double-check that it is genuine. Is it a real company? Is there a discrepancy between the QR code and the organization's website? Scan the code if everything looks correct.

Remember, while QR codes are useful tech tools, they should always be used responsibly. Do not scan any QR code that cannot be verified as authentic, or one sent from an unknown source.