Beware of unknown QR codes – they could contain malware



Thanks to the pandemic, QR codes have popped up on billboards, restaurant tables and billboards around the world, inviting people to scan them to display menus and marketing information without having to type a web address into their phone.

But clicking on QR codes too hastily can risk bringing malware onto your smartphone, warns Albert Fox Cahn, founder and managing director of Surveillance Technology Surveillance Project (STOP).

“If someone just walks up to you on a street corner, you wouldn’t just take them a USB stick and plug it into your laptop,” he says.

[Photo: S.T.O.P.]

STOP has posted flyers and signs with fake events such as comedy shows, venue openings and quiz nights in New York City, where STOP is located, each with a QR code attached. Hundreds of people have scanned the QR codes and visited related websites that STOP set up to warn of the dangers of loading unknown QR codes, says Cahn. Now the group is encouraging supporters across the country to put up their own flyers with the codes to educate people in their communities.

“We found that just by adding these generic QR codes we could get hundreds and hundreds of people across town to click their way through in no time,” says Cahn.

Merchants and advertisers often like to use QR codes because they encourage people to see real-world ads or visit their brick and mortar locations to visit their websites which will show them additional information and may show them special offers when they return. When the codes come from a trusted source, they are inherently no riskier than visiting a company’s website directly or through a search engine.

But, argues Cahn, it’s very easy for anyone to post fake QR codes in public, be it to post flyers for non-existent events on telephone poles or to stick fake codes to display a menu on tables outside a restaurant. He advises people to use a search engine if possible to find a trustworthy link and says that when eating, he generally asks for a paper map.

“You will never be able to verify it [QR codes] as easy as you can check a visited url, ”he says.

[Photo: S.T.O.P.]

Fortunately, he says, many restaurants have found QR code menus to be daunting for customers.

It’s also a good idea to be wary of QR codes, which are used for payment and are often displayed on street vendors and food trucks, says Cahn. That’s because someone could secretly cover a QR code sticker with a fake one that points to a similarly named payment account.

Cahn believes QR codes will prove to be a fad. But no matter how long they stay prominent, it’s a good idea to think twice before scanning them, unless you know they were created by someone you trust.



Leave A Reply