It’s safer to look for a link instead.
- QR codes are just as dangerous as malicious links in emails.
- These codes contain links that you can use to open apps, make calls, share your location, and more.
- Avoid QR codes and use links instead to protect yourself.
Rebecca Hausner / Unsplash:max_bytes(150000):strip_icc()/rebecca-hausner-SuWLiM_guBE-unsplash-3c75c6ba659d48b0a84ea57572fca433.jpg)
Instead of picking up dirty restaurant menus with your bare hands, we got used to the hygiene of QR codes. But these can be a little dirtier and a lot more dangerous than you might think.
In 2015, a German ketchup lover was taken directly to a porn site after scanning a QR code for Heinz’s disease. It may be embarrassing, but scanning QR codes blindly can lead to worse results. According to password management service 1Password, a QR code can make a call, indicate a location, initiate a phone call that displays the caller ID, and more. So what can we do about it?
“We’re all used to scanning QR codes to navigate menus or pay bills, and cybercriminals are now using malicious QR codes to create It’s being abused,” he said. Lifewire via email. “So it can look like code to pay for a parking meter, and the site will look incredibly legit. You’re just entering your credit card details directly into a thief’s database.”
bad connection
A QR code is just a shortcut to a link that can be read and decoded by your phone’s camera. We’ve been trained to never click on links in emails, even if they look real. However, QR code links are equally dangerous, with the added problem of not being able to see where the links lead until you scan them.
When we think of a link, we think of a URL that leads to a website. And in the case of the Heinz ketchup porn hack, that was the problem. Heinz let the domain name disappear and someone else bought it and loaded it with dirty images. URLs are dangerous, as Lurey’s parking meter phishing scam suggests, but links can do a lot more.
“One of the biggest issues is that unlike websites, QR links to shortened URLs rarely identify a company name,” Monty Knod, former commander of the Air Force’s 67th Cyberspace Operations Group, told Lifewire in an email. “He said. “It’s very likely a fake website or malicious link that someone clicks on it and sends a code to your computer or mobile device download, assuming it contains a restaurant menu, meeting agenda or charitable link.”
On mobile phones, links can trigger apps. For example, a Google Maps link will open in the Maps app. Links can also trigger phone calls, add contacts to your address book (make future calls and emails appear legitimate), share your location, and more.
Sophisticated scams involve the use of villains modifying existing legitimate QR codes to redirect victims. Advertiser Robert Barrows shared his story about the Video Enhanced Gravemarker.
“I realized there could be some issues with the QR code on the stele,” Barrows told Lifewire in an email. “What if the ink in the QR code rots over time? Will it link you to a completely different website? Someone What if I change the QR code with a marker?”
The same can happen with advertising posters, menus or QR codes.
LeoPatrizi/Getty Images:max_bytes(150000):strip_icc()/GettyImages-1303502055-3ab2334c69054e7b89e1d7a8ad4ee429.jpg)
protect yourself
The first step to protecting yourself is to recognize it. Do not scan the QR code unless you are sure it is secure. This means it doesn’t really scan QR codes.
However, if you need to check in to a restaurant or bar or scan to view menus, first make sure the code is not tampered with or covered with a sticker from another QR code. One tip is to turn off automatic QR code scanning in your phone settings if possible. But in reality, the best protection is to be careful.
Dave Cundiff, CISO at cybersecurity firm Cyvatar, told Lifewire via email, “If possible, it’s a good idea to go directly to a vendor’s website and get the information you’re looking for, just like a potential phishing link.” “In most cases, the information is hosted on the web and can be accessed directly from somewhere on the provider’s website.”
If the link is not available, don’t scan it. It’s not as convenient as dealing with the aftermath of a malicious link for days or weeks, but it’s not inconvenient either.
More information
Scanning That QR Code Could Be More Dangerous Than You Realize
It’s safer to find a link instead
QR codes are as dangerous as malicious links in emails.
These codes contain links that can open apps, start phone calls, share your location, and more.
Protect yourself by avoiding QR codes, and using a link instead.
Rebecca Hausner / Unsplash
Instead of picking up a filthy restaurant menu with our bare hands, we’ve gotten used to the hygiene of QR codes. But those can be a little dirtier and a lot more dangerous than you might think.
In 2015, a German ketchup lover scanned the QR code on their bottle of Heinz and got sent straight to a porn site. That could be embarrassing, but there are worse consequences for blindly scanning QR codes. According to password manager service 1Password, QR codes can trigger phone calls, betray your location, start a phone call that reveals your caller ID, and more. So what can we do about it?
“We’ve all become conditioned to scanning a QR code to browse a menu or even pay our bills, and cybercriminals are now capitalizing on this through the use of malicious QR codes,” Craig Lurey, cybersecurity expert and co-founder of Keeper Security, told Lifewire via email. “So what may look like a code to pay for a parking meter, and the site will look incredibly legitimate, you’re actually entering your credit card details directly into a thief’s database.”
Bad Links
A QR code is just a shortcut to a link that can be read by your phone’s camera and then decoded. We’ve all been trained never to click a link in an email, even if it looks legit. But QR code links are just as dangerous and have the added problem that you can’t see where they lead until you scan them.
When we think of links, we think of URLs that take us to websites. And in the case of the Heinz ketchup porn hack, that was the problem—Heinz let the domain name lapse, and somebody else bought it, then loaded it with dirty pictures. URLs are dangerous, as Lurey’s parking meter phishing scam illustrates, but links can do much more.
“One of the biggest problems is that, unlike websites, QR links to shortened URLs rarely identify the business name,” Monti Knode, former commander of the USAF 67th Cyberspace Operations Group, told Lifewire via email. “A person clicks on it and presumes it will provide a restaurant menu, conference agenda, or even a charity link, and it very well could be a spoofed site or a malicious link that downloads code to your computer or mobile device.”
On our phones, links can trigger apps. A Google Maps link opens in the map app, for example. Links can also trigger phone calls, add contacts to your address book (and therefore make future calls and emails seem to be legitimate), they can share your location, and more.
One ingenious scam involves a ne’er-do-well modifying an existing, legitimate QR code and using that to redirect victims. Advertiser Robert Barrows shared a story about his Video Enhanced Gravemarker.
“I realized that there could be several problems with QR codes on tombstones,” Barrows told Lifewire via email. “What happens if the ink on the QR code decays over time? Will you wind up linking to a totally different website? What happens if someone changes the QR code with a marker?”
The same thing could happen with advertising posters, menus, or any QR code.
LeoPatrizi / Getty Images
Protecting Yourself
Step one in protecting yourself is to be aware. Never scan a QR code unless you are certain that it is safe. Which really means, never scan a QR code ever.
But if you do have to scan to check in to a restaurant or bar or view a menu, first make sure that the code hasn’t been tampered with or covered with a sticker of another QR code. One tip is to switch off automatic QR code scanning in your phone’s settings, if possible. But really, the best protection is to be careful.
“When possible, just like with potential phishing links, the recommendations are to go directly to the provider’s website to retrieve the information you are looking for,” Dave Cundiff, CISO of cybersecurity company Cyvatar, told Lifewire via email. “In most instances, the information is web-hosted and accessible directly on the provider’s website somewhere.”
If the link isn’t available, don’t scan it. It’s way less convenient but not as inconvenient as speaking days or weeks dealing with the fallout of a malicious link.
#Scanning #Code #Dangerous #Realize
Scanning That QR Code Could Be More Dangerous Than You Realize
It’s safer to find a link instead
QR codes are as dangerous as malicious links in emails.
These codes contain links that can open apps, start phone calls, share your location, and more.
Protect yourself by avoiding QR codes, and using a link instead.
Rebecca Hausner / Unsplash
Instead of picking up a filthy restaurant menu with our bare hands, we’ve gotten used to the hygiene of QR codes. But those can be a little dirtier and a lot more dangerous than you might think.
In 2015, a German ketchup lover scanned the QR code on their bottle of Heinz and got sent straight to a porn site. That could be embarrassing, but there are worse consequences for blindly scanning QR codes. According to password manager service 1Password, QR codes can trigger phone calls, betray your location, start a phone call that reveals your caller ID, and more. So what can we do about it?
“We’ve all become conditioned to scanning a QR code to browse a menu or even pay our bills, and cybercriminals are now capitalizing on this through the use of malicious QR codes,” Craig Lurey, cybersecurity expert and co-founder of Keeper Security, told Lifewire via email. “So what may look like a code to pay for a parking meter, and the site will look incredibly legitimate, you’re actually entering your credit card details directly into a thief’s database.”
Bad Links
A QR code is just a shortcut to a link that can be read by your phone’s camera and then decoded. We’ve all been trained never to click a link in an email, even if it looks legit. But QR code links are just as dangerous and have the added problem that you can’t see where they lead until you scan them.
When we think of links, we think of URLs that take us to websites. And in the case of the Heinz ketchup porn hack, that was the problem—Heinz let the domain name lapse, and somebody else bought it, then loaded it with dirty pictures. URLs are dangerous, as Lurey’s parking meter phishing scam illustrates, but links can do much more.
“One of the biggest problems is that, unlike websites, QR links to shortened URLs rarely identify the business name,” Monti Knode, former commander of the USAF 67th Cyberspace Operations Group, told Lifewire via email. “A person clicks on it and presumes it will provide a restaurant menu, conference agenda, or even a charity link, and it very well could be a spoofed site or a malicious link that downloads code to your computer or mobile device.”
On our phones, links can trigger apps. A Google Maps link opens in the map app, for example. Links can also trigger phone calls, add contacts to your address book (and therefore make future calls and emails seem to be legitimate), they can share your location, and more.
One ingenious scam involves a ne’er-do-well modifying an existing, legitimate QR code and using that to redirect victims. Advertiser Robert Barrows shared a story about his Video Enhanced Gravemarker.
“I realized that there could be several problems with QR codes on tombstones,” Barrows told Lifewire via email. “What happens if the ink on the QR code decays over time? Will you wind up linking to a totally different website? What happens if someone changes the QR code with a marker?”
The same thing could happen with advertising posters, menus, or any QR code.
LeoPatrizi / Getty Images
Protecting Yourself
Step one in protecting yourself is to be aware. Never scan a QR code unless you are certain that it is safe. Which really means, never scan a QR code ever.
But if you do have to scan to check in to a restaurant or bar or view a menu, first make sure that the code hasn’t been tampered with or covered with a sticker of another QR code. One tip is to switch off automatic QR code scanning in your phone’s settings, if possible. But really, the best protection is to be careful.
“When possible, just like with potential phishing links, the recommendations are to go directly to the provider’s website to retrieve the information you are looking for,” Dave Cundiff, CISO of cybersecurity company Cyvatar, told Lifewire via email. “In most instances, the information is web-hosted and accessible directly on the provider’s website somewhere.”
If the link isn’t available, don’t scan it. It’s way less convenient but not as inconvenient as speaking days or weeks dealing with the fallout of a malicious link.
#Scanning #Code #Dangerous #Realize
Synthetic: Vik News
