We see them everywhere, but do you know the cyber security risks with QR codes? Hackers have a new attack vector.
QR codes resemble barcodes in appearance and consist of white squares with black markings on both sides. When the COVID-19 pandemic swept through the country, QR codes became more popular, allowing touchless transactions, such as scanning a QR code to view an online menu. COVID-19 screenings and contact tracing have also been conducted using QR codes. In recent years, QR codes have been used for proof of vaccination requirements, giving threat actors new opportunities to exploit QR codes and access your personal information.
How do QR codes work?
Through your device’s camera lens, you can read information from QR codes. User activities related to QR codes fall into three categories:
The most common activity is consuming. Reading menus or other documents can be done by scanning a QR code.
The practice of sharing is becoming more common. In order to verify information (for example, airline boarding passes, lottery tickets, or vaccination records), users present their 2D code.
An application may generate a code if it requires one to perform a particular action, such as pairing a smart watch with a smartphone.
Cyber security risks with QR codes is a serious threat.
Actions associated with QR codes
When scanned, the QR code’s decoded text can trigger the following actions:
- Launching a website
- An app can be downloaded
- Connecting to a Wi-Fi network
- Information verification
- The creation of a contact
- Emailing or sending a message
- Making a phone call
What are the risks associated with QR codes?
Personal information can be contained in QR codes. Alternatively, they can execute an action that prompts you to enter personal information, such as opening a fillable PDF or online form. Scanning the QR code will display the stored information on your device once the information has been entered. A QR code can also be generated once an online form has been completed.
Scanning a QR code could expose you to the following risks:
- The site collects metadata associated with you, such as your IP address, location, and the type of device you used to scan the code.
- In the event that you used your credit card number to purchase goods or services, your financial information may be exposed.
In addition to performing functions, QR codes can also pose risks, such as enabling threat actors to infect devices with malware, steal personal information, or conduct phishing scams:
- Authentic QR codes are cloned by threat actors to redirect you to malicious sites or infect your device with malware to steal your personal data.
- Phishing and malware attacks leverage QR codes. QR codes that direct users to fraudulent sites can steal credentials, credit card information, or corporate logins, or automatically download malicious software onto mobile devices.
- A threat actor places malicious QR codes in public places in the hopes that passersby will scan them.
- When phishing is used, threat actors can embed QR codes inside phishing emails or use them to direct users to phishing websites that ask for personal information.
- Third-party scanner apps can be used by threat actors to spread malware and access your mobile device’s privacy settings, such as viewing your network connections or modifying the contents of your USB storage. To scan QR codes, you should use the camera built into your device or a secure code reader application.
What is the best way to protect yourself from QR codes?
- Consider using a browser with anti-tracking features and using private browsing mode on your devices.
- If a QR code is scanned and a password or login information is requested, be cautious and carefully verify the website URL.
- Ensure that cookies and site data are disabled in the browser settings.
- When completing online forms, provide as little personal information as possible.
- When checking in or accessing a service, ask about the company’s privacy policies.
- The QR code action should be launched after you have asked for permission and verified.
- A suspicious website will open when you scan the QR code. Close your web browser.
- Set up your devices to receive automatic updates.
Personalized QR codes
- Organize your QR codes (such as vaccination proof and boarding passes) into a secure folder on your device.
- Scanning your code should only be done by a verified and secure application (such as a vaccination verification app from the provincial government).
What is the best way to protect yourself from QR codes?
- Activating the QR code action automatically on your devices.
- An advertisement posted on the street or a QR code posted in a public setting.
- QR codes can be scanned if they are printed on labels that might cover another QR code. Verify its legitimacy with a staff member first. There is a possibility that the original QR code has been updated by the business.
- Unless you are sure the QR codes are genuine, do not scan them in emails or texts.
- Unknown companies or institutions release QR scanner apps.
- The convenience of convenience is put before the security of the system. Instead of scanning a QR code, type in the website URL to view content, such as a restaurant’s online menu.
Now you know the cyber security risks with QR codes.
365 iT SOLUTIONS offers dependable IT support services to businesses in Toronto, making them a valuable resource for your IT needs.
Our Complimentary Network and Security Assessment can put your IT to the test against other Toronto managed IT services providers.
365 iT SOLUTIONS offers Toronto award-winning services including:
- Managed IT Services Toronto
- IT Outsourcing Services Toronto
- Tech Support Services Toronto
- IT Support Services Toronto
- Cloud Services Toronto
- Managed Security Services Toronto
- Cyber Security Training and Dark Web Monitoring Toronto
- Business continuity and disaster recovery (BCDR)Toronto
We Make IT Simple!