Data Doctors: Sniffing out evil QR codes

Q: Is there a way to tell if a QR code is safe?

A: QR (Quick Response) codes are actually two-dimensional barcodes that were initially developed for the automotive industry in 1994 to expand the capabilities of standard barcodes.

Although they were designed to provide a lot more detail when scanned, the QR codes that you’ll encounter as a consumer are nothing more than a quick way to represent a complicated web link.
It’s much quicker to shoot the code with your smartphone then it would be to type in a long string of characters to get to a specific web page, which is why they’ve become so popular.

QR code dangers

Since QR codes are generally nothing more than web links, they should be approached with the same caution you exercise when you see a web link in an email or text message.

Unless you know and trust the source, following the link generated by the QR code can lead to a malicious landing page or a sophisticated scam.

They’ve been used in targeted phishing scams because the fake sites they take visitors to can look just like the legitimate site of a trusted company.

When in doubt, avoid even shooting the QR code, as some apps might automatically open the link for you.

Red flags to watch for

There’s no way to know how safe a QR code is just by looking at it, so the first consideration should be your environment.

If you randomly run across a QR code while you’re out and about, especially those telling you that you could win something, be very cautious. Criminals are using the same social engineering techniques that have proven effective in email scams.

Receiving QR codes via email or text or in a social media post should also be viewed with suspicion, as the actual web link could have been used in these instances.

Even if you get a printed item in the mail with a QR code, using it without doing your homework can be dangerous as pointed out by the Better Business Bureau.

Replaced codes

Generating QR codes is incredibly simple, which means creating stickers with fraudulent QR codes is also easy. These stickers can be placed over legitimate QR codes on posters, table placards or just about anywhere that they may seem legit.

If you see that the QR code is actually a sticker and not part of the poster or placard, be very cautious.

They’ve become very popular in restaurants, but I prefer to access the menu page manually via the restaurant’s website or from the info posted in Google Maps when I got directions.

QR code safety scanners

If you want an extra layer of protection, instead of shooting QR codes with your smartphone’s camera app, use one that includes a safety check of the web link.

If you already have a security app installed on your smartphone, see whether it includes a QR code scanner.

If you don’t, Trend Micro offers a standalone QR scanner for Android devices; Kaspersky has one for iOS devices.

This content was republished with permission from CNN.

More from WTOP

Log in to your WTOP account for notifications and alerts customized for you.

Sign up