Be careful if you are used to scanning QR codes all the time! More and more scammers are exploiting this technology to spread malicious links. It’s easy to fall into this new, very fashionable trap!
Today, we are forced to be wary of everything, because scammers are increasing their ingenuity to trap their victims. Phishing emails and SMS, false login pages, fraudulent registered letters, phone calls with identity theft, fabricated job offers… It’s very simple, each message, each link, each call must be carefully studied, even those which seem the most banal. This is also the case for QR codes, which we strongly recommend that you be wary of. However, this little digital graphic code seems harmless! Used to obtain a Wi-Fi code, to directly download an application or to send to a website, we find it today in all forms, on restaurant menus, transport tickets, food product packaging , medication leaflets, posters in the subway, clothing labels, magazine advertisements, information panels, business cards or even on television. However, they are increasingly used by cybercriminals, who practice what is called quishing – it’s like phishing, but with a QR code.
Also, we strongly advise you not to scan these small 2D barcodes all the time, without necessarily paying attention to the platforms to which they refer you. Most of the time, they automatically redirect to a website or install malware on your device, and unfortunately, there is no way to distinguish a malicious QR code from a legitimate QR code. And that’s where the whole problem lies. Especially since it is very easy, thanks to websites, to quickly generate a QR code for a URL address. This is a formidable technique, because the cyberattack goes through the camera and thus bypasses the usual antiviruses and security filters.
Thus, crooks do not hesitate to stick QR codes on parking meters, which allows them to pocket the payment for the parking space. The same goes for charging stations for electric cars – the small town of Lorris, in Loiret, recently paid the price. They have also modernized the fake ANTAI SMS scam by posting false reports containing the small graphic on windshields, or can use them to hijack the secure payment system of platforms like Leboncoin to extract money to their victims. The QR code is also starting to appear in phishing emails and online advertisements. A method that may seem strange: why redirect us to a website when we are already there? Quite simply because they are often not detected by security software, making them more likely to reach their targets than dangerous attachments or links. Plus, it’s much faster to send thousands of fraudulent emails than to stick QR codes around town.
Also, we recommend that you respect a few safety rules each time you are about to scan one. First of all, never scan those you receive without good reason by email or SMS. Keep in mind that many QR codes embedded in emails are fraudulent, and if one links to a site asking for information that doesn’t seem necessary, it’s best not to forward it. Additionally, avoid using third-party apps to scan QR codes. All smartphones, on both iOS and Android, are capable of reading them natively from the native camera application. And if you ever absolutely want another app, don’t download one outside of the official stores – the Google Play Store and the Apple App Store – even if this is not a guarantee of absolute security. Finally, make sure you always have an up-to-date smartphone, protect your accounts with unique complex passwords and, where possible, enable double authentication.