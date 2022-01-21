QR codes can be used to commit fraud (Photo: Pixabay)

Like other technological elements, QR codes (Rapid Response for its acronym in English) became popular after the pandemic for facilitating interaction without physical contact with other people. However, this has been a window of opportunity for cybercriminals.

Contrary to what you might think, QR codes have a vulnerability that hackers are taking advantage of to trick their victims into committing fraud.

Up to 4296 alphanumeric characters can be stored in QR codes, although those of general public use are usually smaller arrays to be easily captured from the phone’s camera to later open a web page, download a file, add a contact, connect to a Wi-Fi network and even make payments, among other things.

“Given the versatility of QR codes and the large number of actions that can be performed, the range of possibilities for a cybercriminal is extremely wide. If we add to this the number of QR codes that we find in bars, restaurants, shops, hotels, airports and even payment platforms and health certificates, the attack surface expands even more”, mentions Cecilia Pastorino, Security Researcher Computing from ESET, a cybersecurity company.

Due to their versatility, cybercriminals use them to scam people, using their bank or social network passwords, so To be protected, the following things can be taken into account:

– In the case of QR payments and financial operations, always verify that the transaction has been carried out successfully. Confirm the operation both on the buyer’s device and on the seller’s device and make sure you have received the money correctly.

– If you have QR codes available to the public, regularly check that they have not been adulterated.

– When generating a QR code use a trusted service to do it. Also, verify that the QR obtained by the service is correct and that it performs the desired action.

– Disable the option to perform automatic actions when reading a QR code, such as accessing a website, downloading a file, or connecting to a Wi-Fi network.

– Always check action before doing it. Check that the URL is correct, that the downloaded file, the data obtained or the action taken is as expected.

– Do not share QR codes with sensitive information, such as those used to access applications or those included in documents and health certificates. Avoid taking photos of them, do not share them and store them safely.

– Of course, always keep devices protected, have security tools and update applications. In this way, it will be much more difficult for a cybercriminal to compromise the information.

It is to be underlined that in case of scanning a malicious QR code, the user can enter a fraudulent website that could steal information or money, for example, recently in the United States, criminals placed in public parking meters located in different cities, stickers with false QR codes that led to the potential victims to a fake site to supposedly make the payment.

Also, these codes can lead them to download a malicious file and even install an application that the cyber criminal will use to spy and obtain personal information such as passwords. For all of the above, users must be careful before scanning a QR code.

