Tuesday, February 12, 2013 - Almanac Vol. 59, No. 21
Be Aware of QR Code Risks
Most of us are familiar with Quick Response (QR) codes - the two-dimensional bar codes that contain a link to a website and can be read by smartphone cameras with supporting apps. (See example at right, or go to http://www.upenn.edu/computing/security/assets/images/almanac_qr.jpg) These codes make it possible to reach websites through the simple action of scanning. However, did you know that in addition to providing this new level of convenience, QR codes can present significant risks?
For example, imagine that you're walking by a poster advertising a movie, and you notice that it includes a QR code. Since you're interested in the movie, you pull out your smartphone and scan the code - only to arrive at a blank url. What you don't know is that the QR code is in fact a sticker attached to the poster by a fraudster. When you scanned the code, a malicious program was installed on your phone; it is now sending premium texts to out-of-country numbers and racking up substantial charges on your phone bill.
One way to avoid QR code risks - such as installation of malware, or connection to phishing sites - is, of course, to avoid scanning them. Instead, you can use a trusted search engine to find information or type in known web addresses yourself.
However, if you do choose to use QR codes, here are some tips from the Get Safe Online organization for using them safely:
- Be sure that any QR code reader app you download is from a trusted source.
- Be aware that some commonly available QR code readers include the ability to check the authenticity and safety of destination websites before you are taken there.
- When possible, check visually for any indications that a QR code has been tampered with (for example, replaced by a sticker).
- Never enter personal information on a website to which you have been directed from a QR code.
For more information visit https://www.getsafeonline.org/smartphones-tablets/qr-codes/