In today’s digital world, QR codes are placed on almost everything – from yogurt containers and restaurant menus to museum exhibits, and even utility bills and parking lots. People use them to open websites, download apps, collect loyalty program points, make payments and transfer money, and even for charity donations. The accessible and practical technology is convenient for many, including cybercriminals, who have already rolled out a variety of QR-based schemes.
Kaspersky experts have identified the top security risks when scanning QR codes:
- Phishing and redirection to malicious sites: QR codes can direct users to fraudulent websites designed to steal personal or financial information, such as passwords and credit card numbers. Attackers can impersonate legitimate sites, such as banks or streaming services, and trick users into entering their credentials.
- Malware download: Some QR codes can trigger the download of malicious applications that compromise the security of the user’s device, especially if it is not protected against unauthorized installation.
- Payment fraud: During special events or sales periods like holiday sales, a fake QR code can redirect users to make payments to fraudulent accounts.
- Unsafe automatic connections: A QR code can also automatically connect the user to Wi-Fi networks controlled by cyber attackers, allowing them to intercept their communications.
“QR codes are a fertile ground for potential manipulation, especially as they appear in various everyday contexts such as receipts, flyers, and signage. Attackers have nearly endless possibilities to exploit them. As these codes have already become an integral part of our daily lives, it is essential for users to know how to use them safely and responsibly,” says Seifallah Jedidi, Head of Consumer Channel for META at Kaspersky.
In order to not fall for a scam when scanning a QR code, Kaspersky experts recommend:
- Verify the source: Scan QR codes only from trusted and known sources. Avoid scanning codes in public places that may have been tampered with.
- Check the URL: If you really need to scan a publicly available code, verify that the web address it directed you to is legitimate before taking any action on this website.
- Don’t share personal information: Avoid entering sensitive information if you’re not completely sure of the origin of the QR code.
- Protect your digital life: Install a cybersecurity solution with anti-phishing and anti-fraud protection, such as Kaspersky Premium, on all your devices; it will alert you to any danger timely.