Smart Scanning: A QR Code Security Primer

May 15, 2023 | Security

During the COVID-19 pandemic, a little square of black-and-white shapes had a remarkable comeback from near-extinction. In a suddenly touchless society, QR codes became integral to many parts of our everyday lives. Acting as an onramp to fast, hassle-free contactless transactions on the go, these humble square patterns are now ubiquitous.

A QR code is a type of barcode composed of small black and white squares arranged into a larger square. This matrix barcode can hold long data strings. It can be rapidly scanned and read by the camera on your mobile device, catapulting you onto a webpage in seconds. Speed is integral to the name itself, with QR standing for “Quick Response.”

They’re now commonplace in restaurants, where diners can scan a code to access digital menus, avoiding the physical copies touched by hundreds of previous customers. City governments have stuck them to parking meters for payments, and marketers add them to various promotional assets to streamline customer engagement.

But, as with some technologies, there’s a darker side. The same convenience that has made QR codes so popular also makes them a ripe target for exploitation by cybercriminals. So let’s talk about QR code security.

Take, for example, a QR code on a parking meter. A tech-savvy criminal could replace a legitimate code with a malicious variant, steering users toward a phony website to steal credit card details. Likewise, a code in a restaurant could lead to a malicious app being installed on your device instead of providing the menu.

Sometimes, the ploys are more intricate. Cybercriminals even impersonate business owners, using social media to circulate virtual business cards with malicious QR codes.

Despite these threats, there’s no need to forsake the convenience of QR codes entirely. A bit of vigilance and some common-sense safeguards can shield you from these digital predators. Here are a few tips to keep top of mind:

  1. Use your device’s built-in QR code scanner wherever possible. If your device lacks this feature, download a trusted third-party scanner from your device’s official app store. (Note that this doesn’t protect you from malicious links; the intent is to avoid downloading a malicious QR code app from an unregulated app store.)
  2. Be mindful of potential physical tampering. Cybercriminals often overlay their own QR stickers on top of legitimate ones. For example, if you’re in a retail store or restaurant and something seems off, ask a staff member to verify the authenticity of any questionable codes.
  3. Avoid scanning QR codes from unknown sources, whether in the physical world or on the internet. Cybercriminals love exploiting curiosity, hoping you’ll scan before double-checking.
  4. Always preview the link revealed by your scanning app. Be vigilant for misspellings or extra characters in the web address that might hint at mischief. This can be difficult when the link is shortened (e.g., Bitly), so when in doubt, don’t click.
  5. Don’t enter sensitive personal information into a website reached via a QR code unless you are sure it’s the legitimate site you intended to visit.
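
The link preview in tip 4 can be partly automated. The sketch below is an added example, not code from the original article: it takes the URL a scanner decoded plus the domain you expected to reach, and flags misspellings, extra characters, shortened links and related warning signs. The function name, warning labels, shortener list and sample domains are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed, non-exhaustive list of link shorteners; extend for your environment.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_qr_link(url, expected_domain):
    """Return warning labels for a URL decoded from a QR code (hypothetical helper)."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["unparseable-url"]
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username or parts.password:
        warnings.append("userinfo-in-url")  # text before '@' is not the site
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        warnings.append("non-ascii-hostname")  # lookalike letters are possible
    # Compare only as many trailing labels as the expected domain has.
    tail = ".".join(host.split(".")[-len(expected.split(".")):])
    if host in SHORTENERS:
        warnings.append("shortened-link")  # real destination is hidden
    elif host == expected or host.endswith("." + expected):
        pass  # exact site or one of its subdomains
    elif expected in host:
        warnings.append("expected-name-with-extra-characters")
    elif edit_distance(tail, expected) <= 2:
        warnings.append("possible-misspelling")
    else:
        warnings.append("unexpected-domain")
    return warnings

if __name__ == "__main__":
    # Constructed sample links; .example and .test are reserved names.
    for link in ("https://pay.cityparking.example/meter/42",
                 "https://cityparkng.example/meter/42",
                 "http://cityparking.example.pay-now.test/meter"):
        print(link, review_qr_link(link, "cityparking.example"))
```

An empty list means none of these checks fired; it does not prove the site is legitimate.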

By staying alert and thinking before you scan, you can enjoy the convenience of QR codes while avoiding the snare of cybercriminals. In the digital world, as in the physical, vigilance is the key to safety. Let’s not let the convenience of QR codes blind us to the potential risks.
