QR code Protus3 holiday card

A Quick Response Isn’t Always the Best Response

Amanda StricklandComputer Forensics


quick response QR code Protus3 holiday cardRecently both state and federal officials have been sending out alerts related to malicious QR (quick response) codes. With the increased use of QR codes, scammers are turning to this technology and redirecting victims to malicious websites.

So what is a QR (quick response) code? Basically, it’s a series of squares arranged in a matrix or grid shape to create a specific pattern. This pattern can be read by mobile devices and translated into text and other characters. As an example, we’ve included the QR code to Protus3’s 2021 holiday card. (It’s safe to scan.)

A QR code is similar to a barcode, but it can store and transmit much more data. QR codes can store up to 4000 characters of text. They can link to a website, authenticate online accounts, send and receive payment information, and much more.

QR codes can be read by mobile phones through the camera or another app. Some smartphones have built-in QR readers, and many apps are available for reading QR codes. If you have a phone model from the last year or so, you probably have a QR code reader built in, usually as part of the camera function.

Because they can hold a lot of information, QR codes are really useful. During the pandemic, the use of QR codes increased. Restaurants could use them to show customers the menu. Retail locations could use them to provide more information about a product or service. Event venues could deliver flyers or program information. All of these “digital items” replaced a physical item that didn’t have to be handled by staff or customers.

Recommendations

So how do you make safer choices about quick response codes? The FBI said it pretty well in their public service announcement.

  • Once you scan a QR code, check the URL to make sure it is the intended site and looks authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
  • Practice caution when entering login, personal, or financial information from a site navigated to from a QR code.
  • If scanning a physical QR code, ensure the code has not been tampered with, such as with a sticker placed on top of the original code.
  • Do not download an app from a QR code. Use your phone’s app store for a safer download.
  • If you receive an email stating a payment failed from a company you recently made a purchase with and the company states you can only complete the payment through a QR code, call the company to verify. Locate the company’s phone number through a trusted site rather than a number provided in the email.
  • Do not download a QR code scanner app. This increases your risk of downloading malware onto your device. Most phones have a built-in scanner through the camera app.
  • If you receive a QR code that you believe to be from someone you know, reach out to them through a known number or address to verify that the code is from them.
  • Avoid making payments through a site navigated to from a QR code. Instead, manually enter a known and trusted URL to complete the payment.

Remember, don’t click that link, and don’t scan that QR code without checking first!