Scanning That QR Code Can Leave You Vulnerable. Here’s How to Protect Yourself

It’s hard to believe that something nefarious can lie within a QR code, but it can.

Credit: nenetus/Adobe Stock; Aleksei Cheremisinov/Getty Images

QR codes have become a convenience of modern life. Just scan the black and white mosaic with your phone’s camera and you can do everything from connect to your hotel room Wi-Fi to pay for that public parking space to pull up a restaurant menu. 

But QR codes can also leave you vulnerable. That’s because scammers, organized criminal gangs, and shady nation-states are using the unassuming tech to get you to hand over your data unwittingly. Here’s how they’re doing it, and how you can protect yourself.

People love the convenience of QR codes—but so do scammers

It’s hard to believe that something nefarious can lie within a QR code, but it can. In order to understand why, it helps to know how a QR code works. Short for “quick response code,” a QR code is essentially a more advanced version of UPC “bar” codes that have been found on packaged products for decades.

An old-school UPC code (short for “universal product code”) is a one-dimensional image composed of vertical bars of different widths that represent different numbers. When the barcode is scanned, the numbers are read and compared with a database to identify the related product.

How Canva Became the Power Player in the AI Design Wars

QR codes are two-dimensional images with glyphs of various sizes that store not just numbers, but text. When scanned, your phone extracts the encoded information and can act on it. For example, QR codes often embed URLs, allowing you to scan, say, a parking meter to launch a webpage where you can pay online. 

For sure, this is a lot more convenient than manually typing a URL into your phone’s browser to load the payment page. But our desire for—and unquestioning acceptance of—this convenience is now being exploited by scammers through what has become known as “quishing.”

The growing threat of quishing

Increasingly, everyone from scammers to nation-states are trying to exploit our willingness to use QR codes. They do this by embedding malicious links in them and sending them to a person via email, often purporting to be from their bank or an online service they use. Alternatively, individual malicious actors have been known to print QR codes with malicious links embedded and physically place them over authentic QR codes on parking meters, restaurant tables, and in hotel rooms.

© Inc.com