Quick response codes, or QR codes, are the latest thing in mobile marketing. Scan a funky little square with your smartphone and instantly visit a website, subscribe to an email list, or download more information about an event or a business. They are great for getting people on the go and giving customers something quick and easy. They are also becoming a great way for cybercriminals to steal information and to infect cell phones by creating QR code malware, or having them lead to malicious sites.
Since QR codes are so new, there aren’t many security measures or protections in place to ensure that QR codes are doing what they’re supposed to be doing. How do you know if a certain QR code is safe? How do you make sure that your code doesn’t end up getting hacked and harming others?
Before scanning a code, check the url of the website it goes to. This is done by having a scanning app that reveals the url when looking at a QR code. If the url seems suspicious, or is maybe encrypted with a url shortener, then scanning that code may not be the best idea. If you do scan a code and you are taken to a login form, DO NOT fill in the form. That’s a trap for criminals to retrieve personal information. In legitimate cases, scanning the QR code should, at least, retrieve the phone number automatically, or should ask for information if you are subscribing to something. Most other instances where a QR code is used, such as leading to a website or downloading a coupon, shouldn’t need any personal information.
Another way to protect yourself is to have an app on your mobile device that warns of malicious sites or possible infections. Apps such as VPN4all’s mobile solution, Lookout Mobile Security, OCShield’s Mobile App, and Norton Mobile Security can prevent you from going to a malicious site, block malware and malicious texts, and/or protect your privacy and identity.
Businesses that use QR codes can also take measures to ensure that their codes are safe and secure for customers. One thing to do is to provide context for the QR code when it’s on a brochure or website. This way, customers will know exactly what’s supposed to happen when the code is scanned. Oftentimes, spammy codes won’t have any context at all. Businesses should also reveal the exact url of where the code leads. This keeps the process transparent and won’t have anyone think you’re taking them somewhere unexpected.
Unfortunately, QR code security at this point in time is “buyer/business beware.” Business and consumers need to do their part with mobile security and emerging technologies. No one is going to provide this protection for you.