MegaBanner-Right

MegaBanner-Left

LeaderBoad-Right

LeaderBoard-Left

Home » Industry News » Security Surveillance & Access Control & Cyber Security News » Think before you scan – QR codes are a potential cyber risk

Think before you scan – QR codes are a potential cyber risk

QR codes are nothing new – they have been around since 2004 – but with the increased availability of smartphones, which can scan these two-dimensional barcodes with their built-in cameras, QR codes have become increasingly popular. They can be used to make payments, download menus in restaurants, for general marketing purposes and a multitude of other applications. They can also be used by cybercriminals and malicious actors to steal personal and payment-related information, so it pays to be a little more aware.

Convenience is the killer

QR codes are, by design, incredibly user-friendly. These days, we see them everywhere. They are on the back of consumer products, and we can scan them to get more information. They are in restaurants so we can scan them to view the menu without touching a physical menu card. They are used to enter competitions, in children’s books to access online content. They are also used by various apps to allow small business vendors to accept credit card payments.

The risk is that, while smartphones can read the QR code, humans cannot, so we have no idea where the code will direct us to. We could easily be clicking on an infected link, a spoof website, or even just paying the wrong vendor. Opening a QR code could trigger an executable file or potentially malicious code, which can then be used by cybercriminals to steal personal information, including payment data.

Think before you scan

The issue here is not with the QR codes themselves, or with the payment apps, because these are both secure and mature technologies. The trouble is that QR codes are easy to generate – this can be done for free online – which means that genuine codes can easily be replaced by fake ones, leading people to links that look legitimate, or that are legitimate but send payment to the wrong vendor.

For example, at a market, vendors will have QR codes to scan and pay, but they often have strange names, or multiple businesses use the same payment application code. This makes it very easy for a malicious actor to replace the real code with their own, effectively stealing money from these vendors. Similarly, QR codes for downloading menus, entering competitions or other marketing exercises, can easily be replaced by fake codes that look real, but lead people to infected links or spoof sites where personal information is voluntarily entered and then stolen.

Be aware of the risk

The biggest risk around QR codes is that we use them in scenarios where we are not necessarily paying attention to, or thinking about, cybersecurity. They are easy and convenient, and even children can use them. However, they can also be abused, so we need to be aware of the risk.

If possible, verify the payment before you process it – check with the vendor that you are paying the right person, visit links directly through your browser, or use an alternate method where possible. Have endpoint security on your devices to protect you from malicious content. Most of all be mindful. QR codes are fun, easy and convenient, but they are vulnerable to abuse, and we need to be aware. You wouldn’t just click a link in an email without checking, so why scan a QR code without verifying it first.

To enquire about Cape Business News' digital marketing options please contact sales@cbn.co.za

Related articles

When cyber attackers are using AI, your defence needs to do the same

By Ivaan Captieux, Information Security Consultant at Galix CYBER threats have become increasingly sophisticated thanks to the use of Artificial Intelligence (AI), and attacks can...

Scan, click, pay — City payment done!

City customers can make use of easy and convenient online options, including scanning QR codes on their municipal invoices, to pay their accounts. The...

MUST READ

Why AI is both a risk and a priority defence tool

Cyber security in the age of AI is a key topic for the forthcoming ITWeb Security Summit, to be held in Cape Town and...

RECOMMENDED

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.