Security experts say QR codes can unlock your phone for hackers. An insight
Although QR codes are literally everywhere, any hacker can access your sensitive data and money and redirect them for criminal purposes. Here’s what you can do to avoid getting stuck with a bad QR code scam.
You can find a QR code on literally anything these days – right from restaurants, auto rickshaws, kirana shops and even on the local trains. These black-and-white codes are business owners’ digital calling cards and are even a convenient way to check out menus at high-end restaurants.
Scanning a QR code has become something of an addiction and has become widespread because they are so convenient and so accessible.
They can also be a dream entry point for hackers.
For example: Just look at the 2022 Super Bowl Coinbase commercial that featured a multi-colored QR code popping up on screens.
More than 20 million people scanned this random code. Although this appeared to be a Bitcoin ad, this ad just proves that we too tend to scan for codes out of curiosity.
And this can be dangerous.
This is how: So usually, QR codes or quick response codes are generally easy to read for our phones or camera-equipped devices, and once scanned, the information is translated, and users are redirected to a web address or an app. Because they’re so easy to use, scanners we usually them without thinking about it.
But in early 2022, an FBI memo mentioned how some cyber hackers began tampering with legitimate QR codes (both physical and digital) and redirected victims to malicious websites, thereby stealing their login credentials and financial information. Even if we scan a code and think it’s legitimate, cybercriminals exploit this technology by:
- Direct QR code scans to malicious websites to steal a person’s data
- They then insert malware to gain access to a person’s device and steal their location and personal and financial information
- And then redirect payments for cybercriminal use.
Therefore, be careful when entering financial information and when providing payment details to a website accessed through a QR code.
So how do you exercise caution?
Since the law cannot guarantee the recovery of lost funds after you have transferred money, you can do the following:
1. Turn on multi-factor authentication (MFA)
2. Never download apps from QR codes
3. Don’t scan through every other UPI ID. Calm down.
4. Look for signs of physical tampering or spelling errors.
5. If you get a QR code in your email, chances are the QR code may take you to a completely unrelated website. Beware of spending time on such websites as attackers can create clone URLs and use this website to fish out your information.
6. Check whether the information on the website and the QR code make sense.
7. If you receive a QR code that you think is from someone you know, contact them via a known number or address to confirm that the code is from them.