Do QR Codes Put Your Mobile Device at Risk?

Philip BaderVulnerabilities

Quick Response codes, or simply QR codes, have been around since 1994. These printed square barcodes contain data that computers can scan and read. They were created by a Japanese subsidiary of Toyota to keep track of automobile parts during the assembly process.

After the COVID-19 global pandemic hit in early 2020, QR codes have been nearly ubiquitous in bars and restaurants as a hands-free way to access menus. You can find these seemingly innocuous patches everywhere from museums, where they link to web content about exhibition pieces, to concert venues, where a scan grants entry to an event. But are QR codes safe?

Sizing Up the Danger from Fake QR Codes

The short answer is that it depends on who created them and where they lead. Like all technical innovations, QR codes have caught the attention of scammers for their ability to manipulate users into giving up or exposing sensitive login credentials or other information.

In a public service announcement dated January 18, the FBI warned that scammers have been tampering with QR codes. In some cases, legitimate codes have been replaced with fraudulent QR codes so that users think they can trust where the codes take them on their mobile browsers.

The FBI also warned that QR codes might also “contain embedded malware, allowing a criminal to gain access to the victim’s mobile device and steal the victim’s location as well as personal and financial information.”

An Ars Technica report earlier this month identified a scam involving the placement of fake QR codes on parking meters in three Texas cities. Police in San Antonio, one of the cities affected, warned that people attempting to use the codes to pay for parking “may have been directed to a fraudulent website and submitted payment to a fraudulent vendor.”

How to Protect Yourself from QR Code Scams

The FBI announcement cautions people that law enforcement might not be able to recover funds lost through QR code scams. Nonetheless it offered some tips that might protect you before your device becomes compromised.

  • Check the URL when you scan the QR code to ensure that it looks authentic. Fraudulent domains often have obvious typos.
  • If scanning a physical QR code, make sure the code shows no signs of tampering.
  • Never download an app from a QR code. Use your phone’s app store instead.
  • If you receive an email about a failed payment from a company you recently purchased from that says you must complete the purchase through a QR code, call the company to confirm.
  • Do not download a QR scanning app, which can contain malware. Most phones have a built-in scanner through the camera app.
  • If you receive a QR code from someone you know, verify that the code came from them.
  • Avoid making any payment through a site navigated to from a QR code. Manually enter a trusted URL to complete your payment.

Data Security You Can Trust

Your personal data has never been more vulnerable to cyberattacks. Ransomware attacks, email phishing campaigns, and other criminal schemes have increased dramatically in the last few years. Addressing these vulnerabilities after an attack is much harder than taking the necessary steps to protect your data in advance.

For more than a decade, SecureData has helped our customers protect themselves from ransomware and other malware attacks, personal identity theft, and other malicious schemes aimed at compromising computer networks, storage drives, and mobile devices in order to steal login credentials and sensitive financial information.

SecureData specializes in security solutions that keep private data offline, encrypted, and remotely managed. Our FIPS-validated SecureDrive® KP and SecureDrive® BT external portable drives and SecureUSB® KP and SecureUSB® BT flash drives give users cutting-edge tools to protect their most important information at rest or in transit.

Our Remote Management (RM) Console provides IT administrators the ability to centrally manage all SecureDrive and SecureUSB devices deployed throughout an organization from anywhere in the world. Lost or stolen drives can be instantly wiped, keeping your sensitive data out of unauthorized hands.

SecureData has a comprehensive suite of products and services, including our SecureGuard USB port blocker, all built to do one thing: keep your data safe and secure.

Call us at 424-363-8535 to speak to one of our data security experts or to schedule a free product demo..