Graphic black and white squares, known as Quick Response (QR) codes, have been popping up everywhere these days, from in the pages of magazines to the sides of buses and billboards.
Using a QR reader app on your smartphone, you scan a code that directs you to online content, such as information and promotions on a product or service. But while these two-dimensional barcodes are meant to be a fun and convenient way for companies to engage with their customers, they can also spell danger. As it turns out, these codes can easily be rigged by scammers to direct you to a dangerous website or application, putting your mobile security at risk.
Although QR codes were initially created to track automobile parts, they have become popular as marketing tools since the codes peak consumers' curiosity and save them time from typing in a web address. But like with other technologies, cybercriminals have taken note of their growing popularity and are using them for their means.
Now, all a scammer has to do is go online and create his own QR code and embed a link to a dangerous web address. He can then post this code online, or print out stickers of the code and disseminate them in public, even over legitimate QR codes.
The real danger of these codes is what makes them so much fun—the element of surprise. Simply put, you don't know where you will be directed to until you scan the code, so you have no way of checking to see if the web address appears legitimate, unless you use a QR reader with a URL preview function.
If you scan a dangerous code, you could wind up on a phishing website that asks for your personal information, or on a site containing a browser exploit, or vulnerability, that changes your Internet options, blocks functions, or redirects you to other dangerous sites. You could even be directed to a website that contains a Trojan that can infect your phone.
Another cause for concern is dangerous applications. You could scan a code advertising a great new app and get directed to a malicious application that accesses your personal information, or even causes your phone to send premium-rate texts or dial long distance numbers, leaving you with a hefty phone bill. It could also spam you with text messages.
Given these threats, it's important that you take these precautions when using QR codes:
- Be suspicious of QR codes that offer no context explaining them. Malicious codes often appear with little or no text.
- Before you scan the code, do a reality check. Ask yourself if the brand has advertised a QR campaign, and whether there is enough information to convince you that it is a legitimate piece of marketing.
- If you arrive on a landing page via a QR code, never provide your personal information, and never provide your log in information since it could be a phishing attempt.
- Use a QR reader that offers you a preview of the web address that you have scanned so that you can see if it looks suspicious before you go there.
- Make sure that your mobile device has security software, such as McAfee® Mobile Security, which includes mobile antivirus protection and the SiteAdvisor® safe search technology, which can warn you of dangerous websites embedded in QR codes.
By taking these precautions you can still enjoy the fun nature of QR codes, while keeping your device and information safe.