Quick Response (QR) codes have quickly become part of our everyday lives – they provide quick, contactless check-in procedures. But with that simplicity, comes a certain risk. Cybercriminals can exploit these seemingly harmless tools by placing their own tainted QR codes over legitimate ones which, when scanned, could take users to phishing websites, illicit materials, or even redirect you to a URL with a malicious file.
Quick Response (QR) codes have fast become a feature in everyday life across the UK, not least as a result of track and trace system requirements in shops, restaurants, and businesses. They make information easy to access and provide quick, contactless check-in procedures, but with that simplicity comes a certain risk.
One of the dangers of QR codes is that people can’t read or understand the information on the image without scanning it, which could expose their device to malicious files or materials. Criminals can place their own tainted QR codes over legitimate ones on public signage or tables in restaurants, for example, which when scanned could take users to phishing websites, illicit materials, or even redirect you to a URL with a malicious file (APK or JAR).
A tainted QR code might ask a user to download a malicious app containing malware, which could then steal personal information like address and credit card details, turn on location tracking, send messages to premium numbers or even steal social media log-ins.
We want to encourage everyone to be cyber safe when they’re out and about this festive season and one of the ways to do that is to use a reputable QR scanner, like the Kaspersky QR Scanner, to check a code without the potential dangers of device intrusion. If a code on a poster or in a restaurant looks tampered with, then you can always ask the establishment that you’re in to advise, but the best way to stay safe is by having appropriate security software downloaded onto your device already. Of course, we encourage everyone to be responsive to government guidelines on track and trace, but it’s also important to keep in mind procedures to keep your information and devices safe too,” says David Emm, Principal Security Researcher at Kaspersky.