While some of us will use them more than others, QR codes are already part of our daily lives. They are everywhere: restaurants, shops, supermarkets, websites, billboards, payment gateways, libraries, and pretty much anywhere you can imagine.
They help us a lot to facilitate processes or get more information about something, but Did you know they can be dangerous? There are many people on the Internet and in the real world who create fake QR codes to try to fool you, but you are in luck when you come across this article. Why? Because we will teach you How to know if it is safe to scan a QR.
Avoid scanning QR codes you find on the street
As well as You should never plug in a USB device you find on the street., You shouldn’t even scan a QR code you find out of nowhere.. It seems obvious enough, but sometimes we get too confident.
And mind you, we’re not talking about avoiding QR codes on billboards and the like, although we’ll still subject them to other security tests that you’ll read about later. We’re talking about the QR codes you find stuck somewhere in the middle of nowhere or very crowded where no one will pay much attention to you. QR codes that don’t contain any additional information or anything like that. Come on, let him shout “I am a potentially dangerous QR!”.
It may be that nothing actually happens and it is a legitimate QR code (we will see this in other sections). However, the risk that it is fake and redirects you to a dangerous link is high. Ultimately, creating a QR for anything is very easy, for better or worse, so it’s best to avoid it.
Check that the QR code does not show any signs of tampering
If you still decide to continue with the previous warning, a good safety measure is to check that the QR has not been tampered with. Let’s take an example: if you are in a restaurant with a large number of people, many times the waiters will not be attentive to everything that is happening and someone might stick a fake QR code sticker on the real one that’s on the table, on the menu or something.
So even if There is no foolproof way To check if a QR code has not been tampered with you can follow these tips:
- Check that the QR code is not stuck on another one.
- If you are in a club, Ask whoever serves you if that is the real QR code.
- If it’s in a catalog or menu, vMake sure you use similar fonts and designs. to the rest of the visual elements.
- If they give you a flyer with a QR, Check that the person who gave it to you is who he says he is. (a promoter, for example).
Check the QR code source
If you’ve read the previous section, we’ve already explained a couple of ways to prove the origin of a QR, but that’s in the physical realm. In the digital world, you can do something similar, but there are times when you can’t.
A very clear example of this is that You have unknowingly entered a fake website that pretends to be a legitimate business (phishing). Hackers are working harder to make them look more like the real thing, and that’s happening with emails too.
In these cases There will be no one to answer you directly if it is legit or notand if they do it will surely be the hacker who will try to trick you. SO, How can you protect yourself? Well, checking the source:
- If it’s a website: Verify that the URL is correct and not a variant who wants to go unnoticed. An example? www.instagram.com (real) and wwww.lnstagram.com (fake, with an “l” instead of an “i”).
- If it’s an email: you should check who is sending it and check if their address looks real or is using some weird domain. Also, remember that companies like banks, fintechs, social networks and others will never ask you to follow a QR in their emails.
If you find any inconsistency, if the website or email writing has many errors and other details like that, do not open that QR because you may end up on a fake website to steal your data or download malware on your device.
Check the QR code URL before opening it
If you have decided to go ahead and scan the QR, It is very important to verify your URL before entering. to see if it can be safe or not. Almost all apps that allow you to scan QR codes will show you a preview of the URL you will be accessing.
If the URL looks suspicious because it uses domains or subdomains that make you suspicious, simply do not proceed. You can also use online tools to check if the link is safe.
You felt like an adventurer, you scanned the QR and continued to the URL I sent you. In some cases it will not be too late, but you are faced with your last safety barrier and you have to try not to climb over it. In this case, we will analyze three parts:
- If the QR URL asks you to grant any permissions: Don’t give it to him under any circumstances. There is no reason for a QR to ask you for access to your contacts, messages, cameras, location, or anything else.. This is a huge red flag that can put your information at risk.
- If the QR URL asks you to download a file: only open it if it is a file whose origin and purpose you are sure of. Otherwise, it’s better to avoid it. And if it’s an app, be even more careful.
- If your browser sends you a warning: for example the website or file you are trying to access is not secure, It is better not to continue with the downloadaccess or execution.
Finally, Always remember to update your mobile operating system and apps just to help you identify any attacks more easily. Remember, it never hurts to be cautious.