don’t lie: According to one source, 84 percent of people have scanned a QR code before, with 32 percent most recently having scanned a QR code in the past week and 26 most recently having scanned a QR code in the past month. From March to September 2020, 38 percent of respondents to a 2020 survey scanned a QR code at a restaurant, bar or café; 37 percent scanned a QR code at a retailer and 32 percent have scanned a QR code on a consumer product.
But popularity often comes at the price of security, one that very few consumers appear to know about much less take steps to protect themselves against. In fact, in a 2020 survey, 64 percent of respondents stated that a QR code makes life easier, but more than half, 51 percent, said they do not have or do not know if they have security software installed on their mobile devices.
Security issues with QR Codes are different from other IT problems, because QR Codes cannot be hacked. They are physically constructed using a specific configuration of dots that have to be physically altered to redirect the scanner to other than their intended location.
That said, there are specific security concerns
when it comes to scanning these codes. Among the more common concerns are:
- Posters or flyers printed with malicious QR codes, distributed in public places. The codes redirect users who scan them to untrustworthy landing pages and prompt them to download malicious software that steals their private data.
- After a marketing campaign has ended, the legitimate QR code may still exist directing users to a site the original company no longer owns. Third parties purchase the site, repurpose the QR code link, and send users to a different landing page.
- Fraudsters print stickers containing hostile, counterfeit QR codes and paste them over legitimate ones. These codes could take users to phishing websites rather than the intended website or special offer page.
Experts offer the following tips on increasing QR Code security
- Check for signs of tampering (such as placement of a sticker), especially when scanning QR Codes in public places.
- Verify the company and the given URL. Does the company look legit? Does the design look professional? Once you’ve scanned the QR Code and are redirected to a website, use the same company verification process. Also, check the URL and see if it’s composed in a strange manner or if it has two different names.
- Don’t scan from an unfamiliar website, poster or magazine unless you are sure you know where you are going.
- Avoid providing personal information if directed to another website. If you get somewhere that seems fishy, don’t make it worse by providing a lot of personal information.
- Use security applications on mobile devices. This goes without saying: Anti-virus and anti-malware software should be a staple on any phone, the same as many people have using on desktops.