Why QR Codes Are More Dangerous Than You’d Think

In recent years, QR codes have started popping up everywhere from restaurant menus to gas station pumps. Prior to COVID, the use of these by businesses and corporations was already on the rise, but since the pandemic encouraged the use of touch free technology, their popularity has continued to skyrocket.

By simply hovering over the code with a phone, these little black and white squares allow people to view images, make payments, or visit websites. Chances are, you’ve used one at some point whether it be to take advantage of a discount while shopping, or to learn more about an exhibit while at a museum.

However, while these random combinations of pixels may seem harmless, their simplicity and usefulness are actually what make them such a perfect tool for criminals.
So, before you get a chance to scan another QR code, let us explain how these codes work, why they pose such an overlooked security risk, and things to look out for when scanning any in the future.

What exactly are QR codes?

The acronym QR stands for “Quick response”, because of how instantaneous the data stored in the code is read and then conveyed to your device. These codes act like barcodes but contain a lot more information, allowing them to take users to things like images, landing pages, websites, or social media profiles.

They are primarily used today as a popular marketing tactic for both small businesses and large corporations alike, but as stated earlier, these codes are becoming so popular that they’re even starting to replace physical things.

Restaurants during covid started using them instead of menus, and if you’ve visited a zoo, museum, or art display lately, you may have seen that QR codes are all over the place, directing you to webpages that provide you with information about an exhibit.
There are so many applications that QR codes can be used for that it’s safe to assume their usage is only going to increase. This isn’t a bad thing by any means, as QR codes themselves aren’t inherently malicious. It’s the tactics that criminals use to take advantage of them that remains an area of major concern.

What makes using QR codes so dangerous?

Simply put, until a code is scanned, there’s no way of verifying the legitimacy of what’s on the other side of the code itself.

Once scanned, you could be taken to a malicious website that’s waiting to install malware or steal your financial or personal information. These sites can look legitimate and may even replicate the site that the original QR code was supposed to take you to.

By printing stickers, all they have to do is slap the new code over the old one or put them in places you would expect them to be.

Here’s an example of multiple QR codes commonly found on gas station pumps.

Would you be able to tell if a criminal put those there or not?

It doesn’t help that all three options are stickers, making it even harder to discern if the codes are truly authentic.

Sure, a person may realize it’s a scam if they aren’t getting any fuel, but by then it may already be too late.

To see an example of how QR codes work here’s a code you can scan yourself that will take you to Carrie’s recent interview with ABC7 News regarding the increase in QR code scams.

Or here’s the direct link instead https://abc-7.com/news/2023/05/01/fbi-warns-of-qr-scamming-trend-on-the-rise/

FYI: That QR code took us seconds to make. Creating these codes takes minimal effort and can redirect people anywhere the creator wants.

How can you protect yourself?

It should go without saying that you shouldn’t use a QR code unless you really have to or you’re confident in the legitimacy of the code. Proving the legitimacy can be a lot easier said than done however, as it’s impossible to truly tell if the code is real or not.

A few general rules of thumb are:

• Look or ask for alternative ways to access the content, like requesting a physical menu, or paying, download the app or go to the parking website as opposed to accessing it with the QR code.

• Always check to see if it appears as if a sticker has been placed over an old code (keep in mind that some places may use stickers for their legitimate QR codes).

• If the website the QR code takes you to feel suspicious or ask for any sensitive information, close out and move on.

Lastly, if you have any questions concerning the legitimacy of the codes, you could always ask the owner or an employee of the organization to confirm they put it there.