In today’s digital world, QR codes are placed on almost everything—from yogurt containers and restaurant menus to museum exhibits and even utility bills and parking lots.
People use them to open websites, download apps, collect loyalty program points, make payments, transfer money, and even make charity donations. The accessible and practical technology is convenient for many, including cybercriminals, who have already rolled out a variety of QR-based schemes.
Kaspersky experts have identified the 4 security risks when scanning QR codes:
- Phishing and redirection to malicious sites: QR codes can direct users to fraudulent websites designed to steal personal or financial information, such as passwords and credit card numbers. Attackers can impersonate legitimate sites, such as banks or streaming services, and trick users into entering their credentials.
- Malware download: Some QR codes can trigger the download of malicious applications that compromise the security of the user’s device, especially if it is not protected against unauthorized installation.
- Payment fraud: During special events or sales periods like holiday sales, a fake QR code can redirect users to make payments to fraudulent accounts.
- Unsafe automatic connections: A QR code can also automatically connect the user to Wi-Fi networks controlled by cyber attackers, allowing them to intercept their communications.
“QR codes are a fertile ground for potential manipulation, especially as they appear in various everyday contexts such as receipts, flyers, and signage. Attackers have nearly endless possibilities to exploit them. As these codes have already become an integral part of our daily lives, it is essential for users to know how to use them safely and responsibly,” says Seifallah Jedidi, Head of Consumer Channel for META at Kaspersky.
