QR codes, they're everywhere, and more and more of us are happy to use them, seemingly without being aware of the dangers they pose.
Let’s pinpoint the risks of getting scammed when we use phones to scan those rectangular boxes full of dots and squiggles.
ALARM SOUNDS ON DANGER OF QR CODES
Remember when, a few years ago, when QR code scams are in their early days, but as more and more organizations see the benefit of using these codes, expect the crooks to exploit the same opportunity too."
Maybe you don't recall hearing. But that's exactly what's happened, with new alerts about how these scannable "Quick Response" black-and-white boxes of dots and squares are now being used to trick more victims than ever into giving away confidential information or downloading malware.
Furthermore, Internet security experts say the QR scam situation is steadily getting worse and is likely to continue to do so.
The trouble is that so many of us are used to scanning these graphical shapes with our smartphones precisely because they're such a darned convenient way of connecting to websites or downloading information.
And one of the main reasons for the current surge is the change in our social behavior because of the current health crisis.
More businesses are using them in place of printed matter, like brochures, because that means consumers don't have to touch them.
According to one of the latest reports, from security software firm MobileIron, 72 percent of consumers polled said they'd scanned a QR code during one single month, with the vast proportion saying they did so because it "made life easier."
And almost half of consumers admitted they still use QRs despite knowing the concerns about their security.
"The study also revealed that many people lack security on their mobile devices and are largely unaware of the security risks posed by QR codes," the firm said.
"A whopping 47% of respondents stated they do not have or do not know if they have security software installed on their mobile devices."
Worse, more than a third of users actually say they're not worried about security when they scan one of these code boxes.
Creating a QR code scam is easy. The codes can be generated quickly using free software. The crooks then produce stickers to place on top of genuine codes, leading users to fake or compromised websites.
However, the growing popularity of these graphics has led to much wider use -- for example to reveal your location, follow social media accounts, create an email, restaurant menus, join a Wi-Fi network or even to cast a vote.
Many users are totally unaware of these extra abilities. In fact, 40 percent of people surveyed said they'd be happy to vote by scanning a code.
So, if you don't follow precautions and you don't have security software, you could be heading for a costly scam the next time you scan.
Security experts says businesses are not doing enough to improve the way they present these codes and to alert users to potential dangers. But consumers can also play their part.
FIVE KEY STEPS
- Here's an updated version of the five key steps you can take, as we outlined in our earlier issue:
- Don't scan codes that don't have any text or explanation with them.
- Check for a raised edge on the code showing it's a sticker. Again, don't scan unless you check with someone -- for example at a restaurant that may have updated its menu.
- If the code takes you to a website, don't provide any confidential information until you know for sure it's genuine.
- If scanning results in something you didn't expect, like opening an email, don't use it.
- Use a secure QR code reader that checks its validity. There are lots of free ones. Simply search for "secure QR code scanner" or something similar.