QR codes are GREAT!!!!
The usually square Quick Response, or QR, code is everywhere. When scanned, it can quickly take you to a website or URL with more information about some subject.
Awesome! I love it. QR codes save printing costs of brochures. They allow you to order at a restaurant, pay your parking meter, and they can even be used to verify your identity.
Anyone can generate a QR code online for free, without any sort of registration (see QR Code Monkey, for example). Again, I have no problem with this. I use them more and more regularly.
WHAT’S THE PROBLEM?
What IS of concern is QR code manipulation or alteration, called “Quishing”, which is used to scam, fool, lie, and/or deceive in order to:
- redirect users to fake websites,
- install malicious applications (malware),
- initiate phishing attacks, or
- steal information or money.
These manipulations usually take one of two forms:
- Fake Websites. These fall under the “phishing” realm. They are actual, intact QR codes that take you to the intended website URL, but the websites themselves were set up to steal your information. These codes may exist out in the world, or be sent to you as images via email, text or chat.
- Tampered Codes. This happens when some bad actor uses a sticker or other means to either slightly alter or completely change the website URL destination intended by the original creator of the QR code.
WHAT CAN I DO?
ALWAYS print / list / include the intended URL (or at least the domain name) near the QR code.
This simple step will confirm to the user that the QR code will take them to the website URL they expect it to.
How? Most QR code readers (and camera apps) will display the decoded QR code URL on the screen when they detect a QR code. The user can then match it to the printed URL to verify its authenticity.
DO IT!!!!!
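Matching the decoded URL to the printed domain by eye catches obvious swaps, but a few URL shapes look right at a glance and still go somewhere else. The Python function below is an added example, not part of the original post: it compares the text a scanner decoded with the printed domain. The function name, reason codes and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

def check_decoded_url(decoded: str, printed_domain: str) -> tuple[bool, str]:
    """Compare the text a QR scanner decoded with the domain printed beside the code.

    Returns (ok, reason). The reason codes are labels made up for this example.
    """
    expected = printed_domain.strip().rstrip(".").lower()
    try:
        parts = urlsplit(decoded.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "unparseable"
    # Assumption: only http/https payloads count as "a website URL".
    if parts.scheme not in ("http", "https"):
        return False, "scheme"
    # In https://printed.example@other.test/ the part before '@' is a login
    # name, not the site; the browser goes to the host after '@'.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo"
    if not host or not expected:
        return False, "no-host"
    # Exact host, or a subdomain of the printed domain (dot boundary required,
    # so example.com.other.test does not pass).
    if host == expected or host.endswith("." + expected):
        return True, "match"
    # Non-ASCII or punycode hosts can render like the printed name.
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False, "lookalike"
    return False, "mismatch"

if __name__ == "__main__":
    # Constructed sample payloads; example.com and *.test are reserved names.
    samples = [
        "https://pay.example.com/meter/12",
        "https://example.com@evil.test/pay",
        "https://example.com.evil.test/",
        "https://ex\u0430mple.com/",  # Cyrillic letter in place of Latin 'a'
        "smsto:+15550100:hello",
    ]
    for s in samples:
        print(f"{s!a:42} {check_decoded_url(s, 'example.com')}")
```

Only the first sample passes; the others are the cases where the printed domain appears somewhere in the decoded text but is not the host the browser would open.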