QR codes: can they be dangerous?
How a QR code works
First of all, we are going to explain what a QR code is. It is something that in recent years has become very popular to enter web pages, download applications or even give our contact to others. For example, we can see it in a restaurant, placed on the table, to be able to see the menu on our mobile.
It's basically a square, like a barcode, filled with dots. It is capable of storing information and when we read it with our mobile it shows us the stored data. For example, it can be a QR code that takes us to a URL to open it with the browser.
We can see this type of code in many places. Very common, for example, are tourist places. We are in front of a monument or a work of art and just by scanning that square with our mobile, it will show us a page with all the information. This avoids having to print papers or put up information panels.
Why QR codes can be dangerous
The problem is that these QR codes can be dangerous. Actually, anyone can create one and we will not see any difference between a legitimate one and one that is fake, with the naked eye. That is, even on a table in a bar we could find a sticker that the owners of the premises have put and another next to it that anyone has put and takes us to a false page and we would not be able to differentiate them.
Method to send malware
One of the goals of fake QR codes is to sneak malware onto victims' devices. Let's say we open a code with our mobile to access a restaurant menu or view information from any site. That code is going to open a URL. However, it does not take us to a legitimate page, but rather leads us to another controlled by the attacker.
That website may contain malware. For example, it could invite us to download a program. They could even have created that code to simulate that it is from the restaurant and a file appeared to download the menu from that site.
However, by opening that file or link, we are actually downloading malware. It can be a virus, trojan, keylogger ... Any malicious file that aims to steal data or make the computer malfunction.
It is also very common that they can use a QR code to steal passwords through Phishing attacks. After all, we are entering a web page through a URL that could be easily forged. That address can take us to a site that pretends to be a social network such as Facebook or Twitter, an email account, etc. By putting the password, we are actually sending it to a fake site.
Phishing attacks are widely used by hackers today and this type of code has also served to empower them. At the end of the day, they only need the victim to enter the page that they have created similar to the original and enter the data.
Collect user data
Another thing they could achieve with a fraudulently created QR code is to collect information from users. For example, they could ask us to fill out a form to be able to access the menu of a restaurant or to see the content of any tourist place where we are.
This data can include the name, surname, address, email, telephone number ... They could use it to include us in Spam lists and thus send targeted advertising. It is something that many marketing companies look for and one technique to achieve it is this.
How to be protected and avoid problems
After seeing what a QR code is and how it could infect our computers or steal passwords, we are going to give some tips to be protected. In this way, just by taking into account some recommendations we can improve security.
Common sense at all times
The first and most important thing is common sense. It is essential to verify well which URL we are trying to open and see the address. Sometimes only with this we can detect a possible Phishing attack or know if we are entering the official version of any page.
Of course, we will also have to be alert in case we have to download a file. This could make us suspicious if, for example, we only want to see certain information but they ask us to download a program. Never download files without really knowing if they are reliable.
Another tip is to always have security programs installed. It does not matter if we are browsing from the computer or mobile, at any time we open a QR code we can be victims of attempted attacks. What better way to be protected than to have an antivirus like Windows Defender, Avast, Kaspersky, or any other guarantee.
If due to any mistake we make, we download a file or enter any page that may insert an add-on or code that puts security at risk, an antivirus can help us eliminate it quickly.
Have the devices updated
Sometimes it may be that when downloading a file or even entering a page they can take advantage of problems on our mobile or computer. This happens if they are out of date and there are vulnerabilities. For example, some viruses can get installed if we have certain failures in the system that have not been corrected.
Therefore, another tip is to always have the equipment updated. You have to install the latest versions of both the operating system and any program that we use. This logically includes the application with which we open the QR codes and the browser itself.
Use a secure code generator
We have seen how to avoid problems if we are going to open a QR code, but how can we create codes safely? The main thing is to use a code generator that is reliable. There are many options that we can see on the Internet or with mobile applications. Not all are going to be safe, logically.
If, for example, we are responsible for a restaurant and we want customers to be able to see the menu with a QR code, that code has to be secure. This way we will prevent clients from reaching another page that is not secure or from downloading an inappropriate file.
Therefore, QR codes can become a major security problem. We must always know if we are opening a safe one or it could be a fraud. It is essential to have your equipment protected and also to maintain common sense.