Thanks to Covid, we’re all familiar with QR codes.
Of course, with Covid, we were using the official tracer app to scan them, but in normal use, you can just use your phone’s camera to open the link.
It’s a great way to make it easy to visit a website without having to type it into your browser. It’s excellent to use in print advertising or signs to allow viewers to jump to the web to get more information. A common use might be menus in food service, and under Covid, we’ve seen an increase in mid-market restaurants simply putting a QR code on the table so you can download their menu or even place your order.
Unfortunately, QR codes are a great way for hackers to redirect you to infected or bad websites.
The FBI say:
- Check the QR code before scanning it. Make sure it hasn’t been altered and isn’t on a sticker that’s been placed over the original code.
- Avoid using a third-party QR scanner. Your phone camera should be adequate and it is safer than an app that might be compromised.
- Don’t install an app based on a QR code. Always use the app store that comes with your phone for finding and installing apps.
- If you receive a QR code via email, don’t use it unless it’s from someone you know. Even then, contact the sender directly to verify they sent it to you.
- Double check the URL that a QR code sends you to before taking any other action on that website. Make sure the domain name is spelled correctly, as scammers often use a URL that’s almost identical to the legitimate one.
- Avoid making payments to a site that you accessed via a QR as much as possible.
Refer : Internet Crime Complaint Center (IC3) | Cybercriminals Tampering with QR Codes to Steal Victim Funds