QR Code Security Alert: One Click Away From Dining With Hackers

QR codes have been around since the mid-’90s. But the use of QR codes has been steadily rising since the onset of the pandemic. The convenience of one-click viewing of everything from restaurant menus to Google reviews to COVID-19 updates was just the ticket for people in different levels of lockdown and socially distanced isolation. However, although QR codes have always been a lure for cybercriminals, the increasing use of QR codes in comprehensive marketing plans has garnered increased attention from hackers. As a result, we must include QR codes in our overall cyber security protection protocols.

Are QR Codes Safe?

QR codes do not contain security flaws. Technically, a QR code cannot be hacked. However, the final online destinations are contained within the codes. Like any other links, they direct you to websites containing various types of malware, making you more vulnerable to a cyberattack. It doesn’t matter if the code is on a menu, a manual, an email or a text. You cannot tell that a QR code is part of a hacking scheme just by looking at it. It all happens after you’ve scanned the code and connected to its link. Once connected to the hacker’s website, it might automatically download code for malicious programs onto a user’s device. In some cases, the destination site might prompt you to log in, share personal information, users' names, passwords or financial data. As we’ve reported in many cyber security blogs, a best practice for all unknown URLs is to “think before you click.”

Other Consequences of QR Fraud

Once users have unknowingly scanned a fake QR code, they will likely face a malware attack. Once the fraudulent QR code hack is successful, cybercriminals can have their way with your devices. They can:

• Add Questionable Contacts to Your Contact List – Many users have hundreds, if not thousands, of contacts in their contact lists. Finding a nefarious one that has been added without permission is a daunting, if not impossible, task.
• Sending Fake Text Messages to User Contacts – Many of us have been contacted by friends or associates who have told us they have gotten strange texts or emails from someone claiming to be you. They could notice something doesn’t look right. You might be a victim of QR code fraud.
• Hacking Cell Phone Billing – If your wireless bill is suddenly higher than usual, a QR code you scanned might be charging your account for erroneous, high-cost cell phone calls to anywhere in the world.
• Transfer Unauthorized Payments – One of the worst-case results of any cyberattack is when money is stolen. If you scan a QR code that connects you to a scam website or network, any requests for personal or financial data can have devastating consequences. Many small to midsized businesses could go bankrupt as a result of a severe attack.

QR Code Privacy

There are several other tried and true cyber security steps you can take to help protect against a QR scam:

• Never Trust Emails From Unknown Senders – This policy applies to all online activities on any device. If you think the source might be legitimate, do some research, such as checking the domain name associated with the sender’s address, before opening it.
• On Printed Materials, Beware of QR Stickers – If you are viewing menus, manuals or any printed matter, check to make sure a hacker hasn’t glued a scam QR sticker over the legitimate one.
• Do Not Scan QR Codes Embedded in Emails – QR codes embedded in emails are exactly the same as links. Clicking on QR codes with your QR scanner requires the same amount of caution one would apply to any link embedded in an email. Again, “think before you click.”
• Install a Scam Blocker or Filter – Nothing is perfect, but a good scam blocker could help screen out many known scams.
• Install a QR Scanner That Displays the URL Before Connecting to the Link – Seeing the URL displayed before you are taken to its destination is a great, built-in 10-second delay that could save you from being hacked.

Malware protection is not a simple matter. As our use of online technology now encompasses so many areas of our personal and business lives, cybercriminals stay in step and continue to find new ways of attacking your private data. Unfortunately, most small to midsized businesses have neither the time nor the budget for a full-time IT department. However, it is essential to employ IT experts to assess your cyber vulnerability and help you design the best layers of protection for your hard-earned data.

DIGIGUARD Cyber Security Knows How to Protect Your Network and Devices From Hackers

DIGIGUARD, specializing in preventing cyber threats, has a wide array of solutions to protect against cybercrimes and ensure you have the best possible protection. It works with small and midsized businesses to establish cyber security best practices to ensure your confidential data is secure and all your devices have the specific protections they require, especially those used for remote-access work. For any business, cyberattacks can have devastating consequences. DIGIGUARD can assess your cyber risks and work with you to design the best protection solutions for your business.

Call DIGIGUARD CYBER SECURITY at 833-33-CYBER (833-332-9237) and visit www.DIGIGUARDsecurity.com to discuss how you can increase your company’s level of cyber security and avoid a deadly cyberattack.