QR codes are simple, easy to use and can store a lot of data in them. While these small bar codes are great for tracking items in a supply chain, they can even be used to help direct customers to sales pages in stores or act as digital business cards.
If you’re not a cybersecurity company in Miami like we are, you likely never think of the potential dangers these codes pose.
Anything digital can have security risks and potential dangers. QR codes are no exception. If you plan on using quick response codes in your company or use them yourself, keep the following points in mind:
1. Hacking Potential and Malware
How does someone hack a QR code? It seems far-fetched, right? Well, imagine walking into the Apple Store and you scan a QR code on a display. You trust the code because it’s in the store, but someone could have placed their own QR code over the original.
If you’re not looking at the display closely, it’s plausible that you didn’t even notice the discrepancy until it’s too late.
However, Apple is a huge company and likely has good in-store security that would squash this "hack" quickly. Instead, reports of fake QR codes showing up at the following locations show how hackers can install malware on your devices in:
- Parking lots
- Public places
- Trains
- Etc.
Sometimes, the code will have a popular company’s logo on it to create trust with the viewer, who doesn’t realize that the code doesn’t belong to Apple.
2. Quishing
A new word in cybersecurity in Miami that we see popping up a lot is “quishing.” Security risks rise at restaurants or parking meters to try and extort money from people. Imagine going out to your car. You have a ticket on your windshield, and it says to scan the QR code for more information.
This is quishing.
The person may be trying to:
- Steal information, such as your license number, address and so on
- Request money for the ticket and steal it
In fact, quishing was just in the news because they’re rising in popularity and creating such a sense of urgency. Most people fall for it before they even have time to consider that it may be fake.
Phishing scams using QR codes is called quishing and involves all of the scams found in phishing.
3. Location and Data Dangers
QR codes can lead you to a site that collects your location data and sends it to a third party. Codes can also prompt you to text someone or call them. The recipient can then use other tactics to try and steal your information.
Thankfully, QR codes are easy to strengthen. You can install an antivirus on your devices, two-factor authentication on your accounts and never scan unknown codes to ignore the dangers quick response codes pose.
QR codes are certainly useful and have real-world applications that make them very useful. Just make sure that you never download apps or send messages that the code is trying to force or follow suspicious links.