Advertisement

Learn more about Our Communities Advertising solutions

Be careful when using QR codes

Tony Zerucha By: Tony Zerucha Posted:

Advertisement

Advertise with us

Hey there, time traveller!
This article was published 06/07/2021 (1633 days ago), so information in it may no longer be current.

As we emerge from our caves post-pandemic, one thing you may notice when you hit the malls is the resurgence of QR codes; those digitally created squares that look like ink blots. While they were briefly popular a few years ago, they never really caught on.
Like yesterday’s fashions, QR codes have made a comeback, as retailers seek ways to make paying for stuff even easier than before. Now, instead of entering a website address you just have to aim your phone at the QR code, scan it and let the technology take you to fabulous places.
Like all technologies there is risk attached, Chris Goettl recently told me. He is a senior director of product management at Ivanti, a technology security firm. When people gravitate to technology, assume fraudsters are too, he advised.
They certainly are with QR codes, Goettl said. One early campaign in Russia saw people download a QR code which, when installed on their phones, directed text messages costing $6 each to the fraudster’s bank account. Enough people downloaded the code to make it quite lucrative. Another scheme worked its way into a popular app store and was downloaded as many as one million times before it was discovered.
The best way to prevent yourself from falling victim is to understand a criminal’s mindset, Goettl said. The biggest goal of a scammer is to get your credentials by having you fill out a form. They count on you using similar information for your passwords and login identification elsewhere online, so this information can give them a head start to hacking into your bank accounts. Within minutes, a skilled hacker can find a detailed presence you leave online, either through your direct inputs or by tracking other places where you are mentioned by friends, family or business contacts who are also online.
Fraudsters are increasingly targetting QR code use at medical practices, pharmacies and other places where people divulge health information. Again, the goal is to get personal information so they can target your accounts or impersonate you online.
There are some practical steps you can take to protect yourself and the first is unbelievably simple, Goettl advised. 
Look to see if someone has taped a fake QR code over the original one. That’s a dead giveaway, but people fall for it. If a QR code takes you to a website address, look at the address carefully to see if it is misspelled to look like a well-known company’s site – this often happens. You can get barcode scanners for your phone that preview the site you’re being directed to to see if it looks legitimate. If you run a business, Ivanti offers a corporate mobile defence product.
In this quest for better and faster we must occasionally slow down so we can take conscious steps to protect ourselves.
“Users need to be security conscious always and most of the world doesn’t want to deal with that,” Goettl noted. “Nothing you do digitally can ever be truly private. Everything you do, assume somebody is watching.”
  
Tony Zerucha is a community correspondent for East Kildonan. Email him at tzerucha@gmail.com

As we emerge from our caves post-pandemic, one thing you may notice when you hit the malls is the resurgence of QR codes; those digitally created squares that look like ink blots. While they were briefly popular a few years ago, they never really caught on.

Like yesterday’s fashions, QR codes have made a comeback, as retailers seek ways to make paying for stuff even easier than before. Now, instead of entering a website address you just have to aim your phone at the QR code, scan it and let the technology take you to fabulous places.

Photo by Tony Zerucha We can expect to see the use of QR codes increase once we emerge from pandemic lockdowns. We can also expect to see more QR code-related fraud.
Photo by Tony Zerucha We can expect to see the use of QR codes increase once we emerge from pandemic lockdowns. We can also expect to see more QR code-related fraud.

Like all technologies there is risk attached, Chris Goettl recently told me. He is a senior director of product management at Ivanti, a technology security firm. When people gravitate to technology, assume fraudsters are too, he advised.

They certainly are with QR codes, Goettl said. One early campaign in Russia saw people download a QR code which, when installed on their phones, directed text messages costing $6 each to the fraudster’s bank account. Enough people downloaded the code to make it quite lucrative. Another scheme worked its way into a popular app store and was downloaded as many as one million times before it was discovered.

The best way to prevent yourself from falling victim is to understand a criminal’s mindset, Goettl said. The biggest goal of a scammer is to get your credentials by having you fill out a form. They count on you using similar information for your passwords and login identification elsewhere online, so this information can give them a head start to hacking into your bank accounts. Within minutes, a skilled hacker can find a detailed presence you leave online, either through your direct inputs or by tracking other places where you are mentioned by friends, family or business contacts who are also online.

Fraudsters are increasingly targetting QR code use at medical practices, pharmacies and other places where people divulge health information. Again, the goal is to get personal information so they can target your accounts or impersonate you online.

There are some practical steps you can take to protect yourself and the first is unbelievably simple, Goettl advised. 

Look to see if someone has taped a fake QR code over the original one. That’s a dead giveaway, but people fall for it. If a QR code takes you to a website address, look at the address carefully to see if it is misspelled to look like a well-known company’s site – this often happens. You can get barcode scanners for your phone that preview the site you’re being directed to to see if it looks legitimate. If you run a business, Ivanti offers a corporate mobile defence product.

In this quest for better and faster we must occasionally slow down so we can take conscious steps to protect ourselves.

“Users need to be security conscious always and most of the world doesn’t want to deal with that,” Goettl noted. “Nothing you do digitally can ever be truly private. Everything you do, assume somebody is watching.”

Tony Zerucha is a community correspondent for East Kildonan. Email him at tzerucha@gmail.com

Tony Zerucha

Tony Zerucha
East Kildonan community correspondent

Tony Zerucha is a community correspondent for East Kildonan. Email him at tzerucha@gmail.com

   Read full biography

Our newsroom depends on a growing audience of readers to power our journalism. If you are not a paid reader, please consider becoming a subscriber.

Our newsroom depends on its audience of readers to power our journalism. Thank you for your support.

Tony Zerucha

Tony Zerucha
East Kildonan community correspondent

Tony Zerucha is a community correspondent for East Kildonan. Email him at tzerucha@gmail.com

   Read full biography

Our newsroom depends on a growing audience of readers to power our journalism. If you are not a paid reader, please consider becoming a subscriber.

Our newsroom depends on its audience of readers to power our journalism. Thank you for your support.

Advertisement Advertise With Us

Advertisement Advertise With Us

Report Error Submit a Tip

Advertisement

Learn more about Our Communities Advertising solutions

Community Correspondents

LOAD MORE