Restaurant menus worldwide have been replaced by QR codes stuck to the table during the COVID-19 pandemic. Physical menus were judged too difficult to clean and could act as infection vectors. Since everyone has a smartphone nowadays, QR codes were attractive alternatives instead of asking clients to type in the restaurant’s URL on their phones.

Before, QR codes were mainly used for advertising purposes to offer a quick way for the consumer to visit a website while reading a paper magazine. Several startups have also tried to launch a QR code payment product over the years. While this has become a wild success in China and other parts of Asia, it never really caught on in other parts of the world.

These uses are still a far cry from the real reason for their invention in 1994: to follow and quality-check cars on the production line as they were being built. They quickly became popular for physical linking websites in the real world, but because that wasn’t their initial application, they also lacked security measures.

Quick Response(QR) codes are random enough that millions of unique images can be generated. Still, the technology itself is so simple that it can’t detect basic things like a URL not pointing to where it advertises. This makes QR codes an excellent tool for phishing attacks in a world where consumers are increasingly adept at noticing potential scams.

This article will outline five things that should always be on your mind when you see a QR code out in the world. These five behaviors will be able to keep you safe and handle any situation a QR code scammer might throw at you.

Not All Codes Should Be Scanned

QR codes have become so ubiquitous that we don’t think twice before using them anymore. Fake QR code parking scams have popped up in San Antonio, Texas, and Atlanta. The scammers simply slapped stickers on parking meters around the city. Victims were taken to a website asking for their credit card information which was then stolen and sold.

The checks on public QR codes are as simple as the ones on an email phishing attack. Make sure that the URL in your browser after scanning the code is the one you wanted to go to. Similarly, take a good look at the page’s design to catch any mistakes.

Never Scan an Email QR Code

It’s safe to say you should never, under any circumstance, scan a QR code sent via email. The only rationale for sending a QR code via email is to hide a fraudulent link to circumvent security measures put up by an organization.

Scammers using this method typically try to pass for a large corporation like a bank since they’re likely to be trusted and introduce new technological measures like QR codes. It’s simple; there’s no reasonable justification for putting a QR code in an email. The only reason is to hope the person receiving the QR code won’t look at the URL before clicking.

Proceed With Caution with QR Payments

QR code payments are a business that many companies have tried to build and failed. Ironically, the main reason why these startups never worked out is because of low consumer adoption of QR codes and security issues. Not only were QR codes rare, but they were so easy to use nefariously that investors had a hard time putting money into such projects.

However, QR payment codes are the norm in China and several parts of Asia. Large corporations to street vendors use them to have everyday transactions with customers. Whether you’re travelling or seeing one of the rare QR payment applications in the western world, it’s best to ask merchants for an alternative payment method.

If the merchant insists on QR code payment, it should be a red flag to you. If it’s your only option, make sure that a recognized app handles the payment. For example, these payments usually run through WeChat or AliPay in Asia, and these platforms can be trusted since they control billions of dollars in transactions every year.

Any other platform or suspicious app should never be used for QR code payments.

Always Scan with your Phone’s Camera

There are many QR code scanning apps on the respective stores hosting them. While some might be simple, well-built software, many of them are scams. They might simply be malware, but most attempt to inject code as they scan QR codes to misdirect you to a fraudulent website.

The solution is simple: using your smartphone’s camera app. Whether you’re on Android or iOS, your camera app can read QR codes and show you a preview of the URL before clicking on it. You can trust the security of an app built by Apple or Google, and you can thwart most phishing attempts with the preview feature.

Be Wary of Social Media QR Codes

Like the email QR codes previously mentioned, you should never click on a QR code sent via the messaging functionality of a social network. However, certain social platforms, namely Spotify and Snapchat, use a version of QR codes to allow users to connect easier.

This has led hackers to digitally alter QR code images to fool users into visiting a different website upon scanning. You should only scan QR codes displayed on the official website or app of the concerned social media platform. That way, you can be sure it hasn’t been modified maliciously.

The Rise of QR Codes

QR codes will likely be in our lives for the foreseeable future. Whether they will still be a niche offering or become more widespread. Either way, you should know how to protect yourself from the scams linked to this technology. The behaviors outlined in this article should cover almost every QR code situation.



Cybersecurity Hub

Cyber Security Hub: Access Exclusive Cyber Security Content

Take advantage of our free Cyber Security Hub – it is your one-stop cyber security awareness and knowledge center with one-click access to our COVID-19 Kit, Work From Home Kit, Password Kit, Phishing Kit and more.