QR Codes and Hackers | Pt 2: How to Protect Yourself
Dan Levenson June 30, 2022
Welcome back to the second half of our two-part article on how to QR code hacking and how to protect yourself. Last time, we covered how QR codes work and how hackers are corrupting them with infected links and malware downloads. Join us today as we dive into the smart ways to protect yourself from scanning or downloading hacked QR codes found out in the world.
How to Stay Safe from Malicious QR Codes
So, how can you stay safe from malicious QR codes while still enjoying the convenience that QR codes can provide? The key is to stay alert and watch for signs that a QR code is not legitimate or has been tampered with.
1) Look Carefully: Never Scan a Sticker
Before you scan a menu or parking meter, look carefully at the code. Check for a faint outline surrounding the dotted square. If it looks like the QR code has been pasted on as a sticker, do not scan. Never scan a QR code that looks like it could be a sticker and added after the original document or sign was printed.
You can also compare your code with others nearby. Check all the menus at the table or take a look at other nearby parking meters. If the size or design of one or some QR codes is different from most, they may have been tampered with.
2) Examine the Link Before You Swipe
On most phones, you will get the chance to approve QR action before it is completed. Look carefully at the approval page. Does the domain name of the link match what you expected to see? Does it match the official website domain of the business? Is the action being requested what you expected to find? You can even stop a service person in the store or restaurant to confirm that the link looks correct if you are concerned.
If the action is not what you expected – like requesting email access instead of following a link, cancel the code and do not approve-swipe.
3) Don’t Scan Random QR Flyers and Stickers
Once, it was cool to scan every QR code you passed on the street. Today, that is riskier. Hackers can easily print a few business or yard sale flyers on friendly pastel paper with an infected QR code attached. They can absolutely print a few “bumper” type stickers to slap on cross-walk poles with a slogan and an infected QR code.
Be cautious about what you scan. It should be safe to scan a flyer you handed from venue staff, but not a flyer posted to a telephone pole.
4) Let a Venue Know if Their QR Codes Have Been Compromised
If you have reason to believe that a business’ QR codes have been compromised, let them know! You can protect yourself and hundreds – maybe thousands – of others from infection with a simple act of communication. Send an email or walk up and tell them that their signs, menus, or flyers have been compromised by a hacker with false QR codes.
The business will be grateful and you will get a legit code to scan the next time you visit.
5) Clean Your Phone if You Suspect Infection
Finally, be sure to have your phone cleaned of malware and infections if you suspect you have scanned a questionable QR code. Not all QR code landing pages are professional and sometimes errors happen. But it’s always better to take extra safety steps than to be key-logged the next time you access your bank account. QR codes are convenient, but today, QR code safety is a new type of personal cybersecurity that we all share.
For more leading technology and data security insights for your business, contact us today.
This article is for general information purposes only. It is not insurance, tax, legal, business, or other advice. For specific insurance questions related to you or your business, please contact our office.