Ransomware attacks alert! Be Cautious of QR Codes

New Ways to Scam That You Should Know

A QR code is the black square made of other smaller black squares to create the shape. By now, anyone should have seen this almost everywhere. It is printed behind the packaging of your favorite chips and drinks. Likewise, most businesses, local or corporate, also have displayed these either on their menu, website, flyers, posters, etc. Basically, this can be anywhere where it can be printed on. However, this cute little boxes are now being used dubiously such as ransomware attacks.

What is a QR code?

QR, short for “quick response”, code is a box shaped bar code that can store a lot of data. These data are meant to be easily accessible using the QR code, hence the name. It aims to be able to show the details hidden behind the code by simply scanning it with a QR code scanner. Companies usually direct the customers to their website, payment portal, promo flyers, coupon, videos, among many things, once QR is scanned. It is gaining popularity given the wide array of marketing and information that can be shared in these codes.

The good news is that QR codes themselves do not take or save your personal or device data. Code creators can only access information such as the location of where the code was scanned, how many times it was scanned and what kind of OS was used. This does not however mean that QR codes are completely safe. As with any popular technology available, threat actors have found a way to exploit this to do their evil deeds.

Cyber criminals can create fake QR codes that direct the user to malware or phishing sites that leads to a ransomware attacks. This is easily executed as the code contained in the QR is unreadable to the human eye. Anyone who knows how to generate a QR code can attach it to the malicious sites. Once you fall for these, that is the time your data and system is compromised.

Ransomware attacks via QR code

QR Code and Its Origins  

QR codes were first introduced in 1994 by a Japanese company. This was invented for the purpose of tracking automotive parts and vehicles. It was developed from barcodes. However, unlike barcodes that can only be read in one direction, QR codes offer flexibility of being read bidirectionally. Because of this, it also allows more data to be stored as well.

The creator did not purposely apply for a patent so that the technology can be used by anyone. Initially, however, the use of QR code was slow. This only became popular in the early 2000’s after the integration of QR code scanners in smartphones. Now, the use of QR codes has made its way to businesses across all industries. 

Scammers Exploit QR Code Use

As the use of QR codes became popular, threat actors also found ways to make use of these innocent boxes. Basically, what they do is generate a QR code. They then stick it over real QR codes for legitimate businesses or campaigns. This may be in an ad poster, menu board or even grocery items. They can even launch fake contents or promotions using legitimate business names to spread the code and lure more victims.

Here are Some Ways QR Codes are Used Dubiously 

• The fake QR code from scammers, once scanned, will direct the user to the website designed to phish information out of the user. This may look like forms asking for your personal and financial information before you can claim a discount or coupon. However, the truth is that they just mined your information to be sold or used as they pleased.
• Another way scammers use QR code is by redirecting the user to download an application. This, needless to say, would be a malicious app designed by hackers to spread malware. The malware may do a lot of things such as spy on browser or device activity, save details in clipboard, access directory and even encrypt your device for ransomware attacks. 
• Scammers can also make use of QR codes to redirect payments into their pockets. This is done by hijacking legit payment code for businesses. This may also be used to get payment for a free service.

Smart and Safe Use of QR Codes

Given all the different ways you can fall victim to scams using QR codes, it is therefore important to be vigilant whenever you scan one. Always remember that the mindless use of technology is where the danger starts.

Check Source

If you do not know where the code is from, don’t scan. Always make sure the source of the code is a trusted one. This is particularly important especially if it asks you to enter details such as personal or credit card information. Make sure the name of the business is correct and free of spelling errors. Usually, fake sites that mimic legit business would have a letter or more wrong. The overall look should usually be similar to the branding of the business. If it’s off in color or design, it could be a fake.

Ransomware attacks via QR code

Install a QR Code Scanner App

Most QR code scanner apps have an added security feature. The app will analyze the codes and do reputation checks on the websites before redirecting you. Take advantage of this and install one rather than scanning from your phone’s device directly. 

Always Verify URL

Companies can use QR codes to promote their business. Make sure to check the website URL if it is the right one. Do this before scanning the QR code. If the URL is off even by one character, it could be fake.  

• If It’s Suspicious, Don’t Scan!
  You see a random QR code decorated nicely? If it does not tell you what it is about, don’t scan. Keep your curiosity in check so you don’t become a victim. Threat actors use curiosity as bait so don’t fall for it. Also take time to closely look at the QR codes from reputable businesses or campaigns. Make sure it is not tampered with or covered over. Menu board with stickers for QR code-don’t scan! A poster with a patched-up part that includes the QR code-don’t scan! Use caution and common sense to avoid getting scammed.
   
• Update Software
  Your device and QR scanning up will update software regularly to patch up vulnerabilities. Make sure to update to the latest versions to maximize their security features.
   
• Be Cautious of Websites Accessed Via QR Codes
  A good rule of thumb would be to always be wary about websites asking for login credentials, personal details and credit card information. This is especially true for websites that are accessed via QR code. When using paying applications, use only those platforms you know and trust. Counter check account information you are sending money to before confirming transfer. If the name of the recipient seems off, hold off payment confirmation until you cross-check with a business staff.

Enjoy Using QR Codes Safely

QR codes are used in a lot of businesses and mostly in fun and entertaining ways. Enjoy the perks and services safely. Mindful usage of this feature is the key.

Adding more layers of protection for your devices and network is also important. Malware and phishing from QR codes can do a lot of damage to you and your business. Your trusted IT professionals can help you add more ways to your security measures.  

Contact us today and learn more!