Cybercriminals can exploit the quirky-looking labels that have multiplied during the pandemic
They resemble selfies taken by space aliens, but these black-and-white squares have a name: quick response codes, or QR codes. And they’re seemingly everywhere these days.
QR codes have grown increasingly common during the pandemic, cybersecurity professionals say, as coronavirus fears have triggered a demand for touchless transactions. You can show a QR code on your smartphone screen to board an airplane or enter a sporting event, or use your phone’s camera to scan a code to learn when the next bus is due or to peruse a restaurant menu.
The codes also appear in direct-mail ads and at retail outlets. Stroll a pharmacy’s aisles and you’ll see QR codes on packaging for a range of consumer products, from baby food to over-the-counter pain relievers. Scan the code to visit a company’s website, get more information about a product, or perhaps even score a coupon or discount.
Danger can lurk behind QR codes
While many of the machine-readable optical labels are trustworthy, some can be downright dangerous. And if you fall victim to a crook lurking behind a fraudulent QR code, you may, in fact, need that extra-strength pain relief.
Here are seven things to keep in mind before scanning a QR code:
- Fraudsters have used QR codes for years. The codes came on the scene 27 years ago when Japanese automakers used them to track parts and inventory. “Whenever a new technology or a new offering comes out, cybercriminals look for ways to manipulate it,” says Angel Grant, vice president of security for Seattle-based F5 and a certified information-systems security professional. “So we’ve seen criminals targeting QR codes pretty much from when they were originally put out.”
- When eyeballing a QR code, remember those lessons from Cybersecurity 101. Just as you should never click on suspicious hyperlinks or download fishy attachments — especially anything sent by strangers — you should avoid suspicious QR codes, which can take you to weird websites or sites that are created to look safe but are nothing but trouble.
At worst, a crook can use a QR code to download malware onto your device or direct you to a fraudulent website to try to steal your money, grab your personal and financial data or log-in credentials, and wreak havoc. Your online financial accounts, peer-to-peer payment apps, contacts, social media accounts and photos are among the things that could be compromised.
- Criminals have been known to distribute fliers with malicious QR codes or to attach stickers with fraudulent codes over existing, legitimate ones in public places such as bus stops. Consider the criminal who slapped fake parking tickets on windshields and offered the supposed scofflaws the option of paying their fines by scanning QR codes, says Tracy C. Kitten, director of fraud & security for Javelin Strategy & Research. “And when you scan it, malware [malicious software] gets installed on your device to access your personal info and a whole host of other info,” Kitten says.
- Do not trust a QR code that was supposedly emailed by a friend (whose account may have been hacked) or that appeared in a text, online post or mail piece. Instead, use a browser and visit a website using a domain name you know is legit.
- Avoid using a QR code to pay a bill. There are many other payment methods that are less susceptible to fraud.
- QR codes may seem harmless, not least because the naked eye can’t detect what the codes are programmed to do. So trust your gut, Kitten advises. “If the code is stuck to the side of a napkin dispenser and looks suspect, don’t use it. Ask for a menu.”
- Consider adding protection that checks for malicious or inappropriate content, advises Grant, who says many firms, including Sophos Mobile Security and Kaspersky, offer mobile products.
QR codes can come in handy
The bottom line: QR codes can be created quickly and easily, but like other tech tools hijacked by fraudsters, they also serve a legitimate purpose in commerce and everyday life.
A couple of her friends, Grant says, use QR code generators to share their Wi-Fi passwords with guests, “because when their kids’ friends come over, they’re always like, ‘Hey, what’s your Wi-Fi?’
“So now when their kids’ friends come over, they go over to the refrigerator [where the QR code is placed] and now they’re on the house Wi-Fi without having to bother the parents all the time.”
Written by: Katherine Skiba, AARP
Katherine Skiba covers scams and fraud for AARP. Previously she was a reporter with the Chicago Tribune, U.S. News & World Report, and the Milwaukee Journal Sentinel. She was a recipient of Harvard University’s Nieman Fellowship and is the author of the book Sister in the Band of Brothers: Embedded with the 101st Airborne in Iraq.