QR codes can be a tool for scams

A QR code is a type of barcode that can be scanned that is designed to be instantly read and interpreted by a digital device. It has been around since 1994 and one can store up to 4,296 alphanumeric characters.

Commonly used items usually have fewer characters, which allows for easy decoding using a smartphone camera.

In the nineties an engineer from the company dense wavesupplier of components for Toyotathey wanted to improve the labeling system for boxes of materials distributed by the factory, according to a report from Open University of Catalonia (UOC), in eastern Spain.

Masahiro Hara He created a new system bypassing barcodes he called “Quick Response”. One day, while playing the typical Japanese game of Go, he figured out how to use those black and white dots to encode information in two dimensions instead of one, as happened with barcode.

Although these squares have been around since 1994, they didn’t become a “really a household name” until the Covid era. Today, they describe from a cybersecurity company ESETThey can be seen everywhere and used for everything from displaying restaurant menus to facilitating contactless transactions.

Versatility, a double-edged sword

QR-encoded text strings can contain different data and codes can be used to open websites, download a file, add a contact, and connect to WIFI Even making payments. Its versatility can be a double-edged sword.

Its widespread use has attracted the attention of scammers, who can use it for malicious purposes.

Just as attackers can use malicious ads and other methods to direct victims to fraudulent sites, they can do the same with QRs. For example, they can easily manipulate a QR to trick a user into downloading a malicious PDF file or a fraudulent phone app, according to ESET.

Similarly, criminals can modify the QR of a financial transaction with their own data and receive payments into their account, and they can paste a generated code to point towards malicious urlabove the good QR on the concert poster.

The key and the general feeling

For this reason, consult experts before FAbove all, we must have common sense and distrust what we do not see clearly.

Jordi Serra, Professor Computer Science, Multimedia and Communication Studies At the UOC, he recommends configuring devices so that they don’t open links directly – the latest operating systems already do – so you can see the URL you’ll click on first.

You have to make sure that you do not enter personal data or that we do not download a file, for example.

He summarizes: “At first glance, it is very difficult to tell whether QR is harmful or not. Perhaps the first recommendation is to find out where it is.” Fabian Torresfrom Sicpa: “If it’s inside an official building or in a restaurant, we can assume it’s probably not harmful.”

On the contrary, “If it is on the street in a place where anyone can put it (a lamppost, a facade, a pole) we should really begin to take precautions, especially if it is accompanied by attractive and hugely unusual advertisements that incite us to pick it up.”

In addition to the location, take all the usual device protection precautions: passwordsthe latest versions of the operating system and applications, anti-malware, anti-virus, etc.

“Every day we see tampered with QR codes”; An example is the case of PCR tests. “The reality is that you don’t have to do engineering or go to the deep internet to fiddle or change these codes, on the internet you can find how to change them,” he says. constellations.

However, there are “impossible to tamper” with QRs that combine innovative technology – for example, mathematical encryption algorithms and blockchain-. “We solved” Certus It is used successfully all over the world Covid testimonials University titles or certificates for public and official documents,” says the Sicpa expert.