Although they are very practical on a daily basis, QR Codes can also harbor great dangers. Here’s what to check to avoid getting tricked.
QR Codes have invaded our daily lives. Various packaging, advertisements, food and non-food products, restaurants, hotels, areas offering a public WiFi network… we find them everywhere. They are in fact very practical for providing access to more information on a product or service or for your smartphone to automatically connect to a Wi-Fi network without having to enter any complicated password. Simply point the mobile camera at it to display the corresponding page or launch an app. And it is precisely this ultra-simple aspect that can put your personal data at risk.
A QR Code is actually nothing more than a graphic shortcut that can be understood by your camera software. It generally hides an Internet address but can also include the information necessary to download a file or automatically connect the mobile to a Wi-Fi network. And when you scan a QR Code, little information is displayed on the screen. In general, if it is a website, only the start of the address (the URL) is presented in clear text and all you have to do is press it to access the site. However, an extra step can prevent you from making a mistake by connecting to a shady site and avoid downloading viruses.
Also, it is better not to press directly on the address displayed after scanning a QR Code. On Android, tap the small upward-pointing arrow at the end of the address. On iPhone, tap the QR Code icon to the right of the address. The screen will display the full URL of the site to which the QR Code will redirect you. You can then check that it is not a strange address and if in doubt copy it and submit it to a verification service like VirusTotal which will tell you if it is, for example, a phishing or scam attempt.
Also be wary of QR Codes that allow you to automatically connect to a public Wi-Fi network. Nothing says that this network made available for free is not the work of a hacker eager to siphon data from your smartphone. And there, unfortunately, no verification is possible… unless you ask the owner of the premises if he is indeed the originator of this Wi-Fi network.