In today’s tech-savvy world, QR codes are everywhere. They’re on menus, flyers, and even in commercials. QR code phishing, or quishing, is a social engineering phishing attack that intentionally deceives its recipient into scanning a QR code, redirecting the person to a bogus website.They’re like the popular kids in high school—everyone wants to use them. But just like those popular kids, there are a few shady characters lurking in the background. Enter the QR code scam! Let’s break down how cyber criminals are using these little squares to pull off their sneaky tricks.
What is a QR code?
A QR code is a type of barcode that can be easily read by digital devices and stores information as a series of pixels in a square grid. QR codes are often used to track product information in supply chains, and because most phones have built-in QR readers, they are often used in marketing and advertising. Recently, they have played an important role in helping to detect exposure to the coronavirus and reduce the spread of the virus. The first QR code system was developed in 1994 by the Japanese company Denso Wave, a subsidiary of Toyota. It needs a more accurate way to track cars and parts during the manufacturing process. To achieve this, they developed a type of barcode that can encode kanji characters, rather than letters.
A standard barcode can be read in one way: top to bottom. This means that they can store a small amount of information, usually in the form of letters. But QR codes can be read in two directions: top to bottom and right to left. This allows it to access a lot of data.
Data stored in QR codes can include website URLs, phone numbers, or up to 4,000 characters of text. QR codes can be used to:
Create a direct link to download the app from the Apple App Store or Google Play.
Verify online account and verify login information. Access Wi-Fi by saving private details such as SSID, password and encryption type.
Send and receive payment information. And much more: A British company called QR Memories creates QR codes to be used on headstones, allowing people to scan the code to learn more about the life of the deceased (if and they have a newspaper or magazine about it online).
The development team behind the QR code wanted to make the code easy to scan so users wouldn’t waste time placing it in the right corner. They also need a unique design for easy identification. This is why they chose the square symbol, which is still used today. Denso Wave made its QR code public and said it would not use its copyright. This means that anyone can create and use QR codes. The concept was adopted slowly at first, but in 2002, the first phones with built-in QR code readers were released in Japan. The use of smartphones has led to an increase in the number of businesses using QR codes. In 2020, Denso Wave continued to improve on its original design. Their new QR codes include traceability, brand protection and anti-theft measures. QR codes are used in many applications, from transferring payments to tracking the location of objects to augmented reality.
How to avoid QR code scams
Before scanning a QR code, such as in a restaurant or other public place, check to make sure it has not been tampered with or that a sticker has not been placed over the original code. Installing antivirus software to scan the original QR code without malicious links will help you prevent other viruses or malware from being downloaded to your mobile.
Check out the other QR code links. When you scan the QR code, a URL preview should appear. Make sure the website address is correct. Look for the lock symbol on addresses starting with “https://” Only these URLs are secure. Think twice if you are redirected or a website asks you to provide personal information. If so, make sure they are genuine. Helping Santander customers fight cyber fraud
Santander is running a number of initiatives to help customers and employees understand the role of digital devices and the dangers of using them inappropriately. We use financial literacy to increase public knowledge about family finance, cybersecurity and digitalization. In addition, our new Cyber Heroes initiative and cybersecurity podcast Titania help us connect with the younger generation. Our mission is to give people a way to manage their money better.
QR codes are common in their systems
Online and offline QR code cheats
QR code cheats come in many different forms. Attacks can be online, in the body of an email, or in a YouTube stream. There are also ways to attack offline users, requiring fraudsters to modify or paste fake QR codes onto existing ones. They hope that potential victims will scan the malicious QR code and share useful information. Fake QR codes and hacked websites
Fake QR stickers lead people with problems to fake websites. People may think it’s a good site to buy music or order food from the menu, only to realize the site is fake and the customer has been misled. Fake QR codes can be found on products. Customers will assume the code is genuine and scan it to realize that the website loaded with the QR code is not genuine. Even if the victim doesn’t buy anything or share personal or banking information, a fake QR code can direct them to a malicious website. This website may install keyloggers or other malware that spy on victims and steal sensitive information. Bad QR codes and popular ads
Hackers sometimes create malicious code and try to find popular sites to post it. They can be sent to millions of people, posted on social media, or uploaded to YouTube. Criminals hope that bystanders will take out their smartphones, scan the code and end up on a malicious web page that prompts the user to download malicious files or provide valid login credentials.
What’s a QR Code, Anyway?
Before we dive into the dark side, let’s clarify what a QR code is. Quick Response (QR) codes are like barcodes, but cooler. You scan them with your smartphone to quickly access a website, a video, or even a menu. It’s all very convenient—like having a personal assistant, but without the awkward small talk.
The Rise of QR Code Scams
As more people use QR codes, cybercriminals have decided to crash the party. They’ve figured out that they can create fake QR codes that lead to phishing sites, malware downloads, or even dubious payment requests. It’s like offering you a slice of cake, but it’s actually a fruitcake—no one wants that!
How Do These Scams Work?
- Fake Flyers or Posters: Scammers print out fake flyers with their QR codes and put them up in busy areas. You scan the code, and—surprise!—you’re taken to a sketchy website asking for your personal information or money.
- Compromised Codes: Sometimes, legitimate QR codes get replaced with malicious ones. Imagine you’re at a coffee shop, and you want to pay. You scan a QR code on the table that looks official, but it’s really a scammer’s code leading to their PayPal account. Yikes!
- Public Wi-Fi Traps: Ever notice QR codes for free Wi-Fi? Some scammers use these codes to lure you in. You scan, connect, and suddenly they have access to your data. It’s like inviting a stranger to your housewarming party—definitely not a good idea!
How to Spot a QR Code Scam
Now that you know how these scams work, let’s talk about how to protect yourself. Think of it like being a detective in a crime movie. Here are some tips:
- Check the URL: If you scan a QR code and it leads you to a website, check the URL carefully. If it looks suspicious or is full of random letters and numbers, it’s time to back away slowly.
- Look for Signs of Tampering: If you see a QR code on a flyer, check to see if it looks like it has been tampered with. A code that’s been hastily stuck over another one? Red flag!
- Avoid Public Wi-Fi QR Codes: If a QR code promises free Wi-Fi in a public place, think twice. If you wouldn’t let a random person use your phone, don’t connect to unknown networks.
- Use a QR Scanner App: Some apps can scan QR codes while also checking the links for safety. It’s like having a bouncer for your digital life—keeping the riffraff out!
In Conclusion: Stay Smart, Stay Safe
QR codes can be incredibly useful, but they come with risks. Cybercriminals are always looking for new ways to exploit technology, so it’s essential to be vigilant. Remember, if a QR code looks suspicious, trust your gut—just like you would with that mystery dish at a potluck.
So, the next time you whip out your phone to scan a QR code, do it with your eyes wide open. Stay safe out there, and may your codes always lead to pizza, not phishing!