Fixxx

Explaining the Dangers of QR Codes.
QR codes are ubiquitous nowadays. They are used to participate in surveys, download useful materials and navigate to interesting websites. It's much easier to point your phone at an image than to manually type in a website address. However, behind the apparent convenience lies a significant drawback. With regular links you can often spot a scam with the naked eye. Red flags like typos or extra characters in the website address, disguised redirects, strange domain zones and more are well-known indicators. But deciphering where a cluster of black squares will lead you, and whether you should refrain from following it, is impossible. In this post I will demonstrate through a vivid example the dangers of seemingly harmless squares and share how to avoid falling victim to fraud. We will be guided by the story of a woman who lost $20,000 after scanning a QR code to claim a free bubble tea.
Bubble Tea for $20,000.
Many have encountered promotions in various cafes where visitors are invited to take a short survey and receive a complimentary drink or a discount in return. Often all it takes is scanning a QR code at the checkout - a familiar and almost routine action. What could possibly go wrong? This was probably the same thought of a sixty-year-old Singapore resident. To receive a free bubble tea she scanned a QR code on a sticker attached to the cafe's glass door. It later turned out that the sticker was placed by scammers. The code led to a link for downloading a third-party Android app where she was supposed to take a survey. The app turned out to be malicious.
After installation the program requested access to the user's camera and microphone, and asked to enable the Android Accessibility Service. This built-in Android system service allows criminals not only to see and control the victim's screen but also to disable facial recognition and fingerprint functions, forcing the victim to enter the password for their banking app. After this the scammers only needed to wait for the woman to use her banking services, intercept her credentials and later use them to transfer all her money to their accounts.
How to Avoid Falling Victim?
Since completely avoiding scanning QR codes is unlikely (and not necessary) we recommend the following precautions:
- Do a quick ‘physical’ check before scanning a QR code on a poster or board to make sure the code is not fixed on top of the original image. Always remind yourself that whatever caption is printed underneath or next to the QR code isn't connected in any way to the code itself.
- Analyze whether the resources correspond to the advertised content. If not - it's best to close the site immediately. Even if the page doesn't raise suspicions, be cautious - it could be a high-quality fake.
- Be careful with the link that appears after scanning the code. Be cautious if the link is shortened because with QR codes there is really no reason to shorten a link. Use a search engine instead or go yourself to the official shop or online address.
- Avoid downloading apps via QR codes. Typically these apps are easily found by name on Google Play, the App Store or any other official store. It's best to avoid installing apps from third-party sources in any case.
- Secure your devices with reliable protective solutions that include a built-in QR scanner to verify the link hidden within the squares. Such a solution will block attempts to navigate to malicious sites and protect against various other online threats.
QR codes were once developed for our convenience, but you should always think twice when you use them!
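
The link checks from the list above can be run automatically on the text a scanner decodes from a QR code, before anything is opened. This is an added example, not part of the original post; the function name, the shortener list and the `teashop.example` domain are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed, non-exhaustive list of link-shortener hosts (assumption).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "cutt.ly"}

def triage_qr_payload(payload, expected_domain=None):
    """Return warnings for the text decoded from a QR code; [] means no red flags."""
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return [f"not a web link (scheme '{scheme or 'none'}')"]
    host = (parts.hostname or "").lower()
    warnings = []
    if scheme == "http":
        warnings.append("unencrypted http link")
    if parts.username or parts.password:
        # https://brand@other-host/ : the text before '@' is not the destination
        warnings.append("userinfo before '@' hides the real host")
    if host in SHORTENERS:
        warnings.append("shortened link: destination is hidden")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain name")
    except ValueError:
        pass  # host is a name, not an IP literal
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host: possible look-alike characters")
    if parts.path.lower().endswith(".apk"):
        warnings.append("direct APK download outside an official store")
    if expected_domain:
        # The printed caption is not tied to the code, so compare hosts explicitly.
        expected = expected_domain.lower()
        if host != expected and not host.endswith("." + expected):
            warnings.append(f"host '{host}' does not belong to {expected}")
    return warnings

if __name__ == "__main__":
    # Constructed sample payloads (documentation-range IPs and .example names).
    samples = [
        "https://www.teashop.example/survey",
        "https://bit.ly/abc123",
        "http://203.0.113.7/survey/app.apk",
        "https://teashop.example@198.51.100.9/",
    ]
    for s in samples:
        print(s, "->", triage_qr_payload(s, "teashop.example") or "no red flags")
```

An empty result only means none of these checks fired; a high-quality fake on a plausible domain will still pass.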