- Quick Response Codes, or QR Codes, continue to generally grow in popularity, especially due to COVID-19. Hackers are aware and are looking to possibly attack consumers with the digital barcodes.
- There have been attacks in India and Brussels in 2020. Malwarebytes reports the U.S. saw QR Code scams and attacks in 2019.
- To reduce their chance of a compromise, QR Code users should be somewhat skeptical when using one of the digital cubes. Look for things that might seem out of the ordinary – like asking for logins, passwords or payment information. Ask an employee if you encounter something you think is odd.
- For more information, contact the Identity Theft Resource Center toll-free at 888.400.5530 or by live-chat on the company website.
Quick Response Codes, also known as QR Codes, have generally grown in popularity over the years. COVID-19 has sped the use, with an increasing number of businesses using QR Codes for contactless encounters and transactions. However, hackers are aware of the rise, which could mean QR Code security threats to consumers who use them.
What is a QR Code?
QR Codes are digital barcodes often used for electronic tickets for travel or events, to view a restaurant’s menu, or to share product information at a retailer. They are a quick way to get people to websites, promotional codes and mobile payments.
QR Code Security Threats
The convenience of QR Codes comes with security risks too. According to a survey of consumers conducted by MobileIron, 71 percent of respondents could not tell the difference between a malicious QR Code and a legitimate one. Also, more than 51 percent of respondents did not have mobile security on their devices (or did not know if they did) to provide QR Code security in case of a QR Code-related attack.
Attackers can take advantage of people’s trust in QR Codes by embedding malicious software into the digital cubes. MobileIron says they expect QR Code attacks to increase in the near future. The attacks would steal data from mobile devices or lead to phishing websites that could harvest credentials and other personal information.
What You Can Do
Attacks can lead to many different actions that range from inconvenient to malicious. This includes risky texts, emails, initiating a phone call, or adding a contact listing. However, there is one thing consumers can do to protect themselves: be skeptical.
- If you see what seems to be a QR Code physically pasted on top of another, ask an employee. The restaurant or retailer may have just updated their QR Code, but it could also be a sign of a malicious code.
- Before scanning the QR Code, check the website address of the code. Many phones will allow you to view the web address before you scan it. If you are unsure about the website, you can safely view the site by searching it by adding a “+” sign after the URL. You can also ask an employee about any suspicious website addresses.
- Only scan codes from trusted entities. The Identity Theft Resource Center (ITRC) always tells consumers to use trusted entities when donating to a charity or shopping online because there is less risk. The same advice applies to QR Codes. A trusted entity will be less likely to have a malicious QR code on a restaurant menu, plane ticket or promotional code.
Contact the ITRC
Consumers need to be aware of QR Code security threats. The more people protect themselves, the harder it will be for identity thieves to succeed in hacking people using QR Codes. If you would like to learn more or believe you have been a victim of a QR Code attack, contact the ITRC toll-free at 888.400.5530 or on the company website via live-chat.