Beware of unknown QR codes—they could contain malware

Thanks to the pandemic, QR codes have popped up on ad posters, restaurant tables, and billboards around the world, inviting people to scan them in order to view menus and marketing information without having to type a web address into their phones. But clicking QR codes too hastily can risk bringing malware to your smartphone, cautions Albert Fox Cahn, founder and executive director of the Surveillance Technology Oversight Project (S.T.O.P.). “If someone just walked up to you on a street corner, you wouldn’t just take a thumb drive from them and plug it into your laptop,” he says. [Photo: S.T.O.P.]S.T.O.P. has been placing flyers and signs advertising fake events like comedy shows, venue openings, and trivia nights around New York City, where S.T.O.P. is based, with each bearing a QR code. Hundreds of people have scanned the QR codes and visited associated websites, which S.T.O.P. set up to bear warnings about the dangers of loading unknown QR codes, Cahn says. Now, the group is encouraging its supporters around the country to put up their own flyers with the codes to educate people in their communities. “What we were able to find was that just by putting these generic QR codes around the city, we were able to get hundreds and hundreds of people to click through in a very short amount of time,” Cahn says. Merchants and advertisers often like using QR codes because they get people seeing real-world ads or visiting their brick and mortar locations to visit their websites, where they can be shown additional information and also potentially targeted for special offers if they return. If the codes are from a trusted source, they’re not inherently any more risky than visiting a company’s website directly or through a search engine. But, Cahn argues, it’s very easy for anyone to put up bogus QR codes in public, whether they’re posting flyers for nonexistent events on telephone poles or slipping fake codes for viewing a menu on tables outside a restaurant. He recommends people use a search engine to find a trusted link, when possible, and says he generally asks for a paper menu when dining out. “You’re never going to be able to verify [QR codes] as easily as you can verify a URL you visit,” he says. [Photo: S.T.O.P.]Luckily, he says, many restaurants have found that QR code menus are discouraging to customers, so while these were used to facilitate contactless ordering during the height of the coronavirus pandemic, many eateries are already switching back to traditional menus.

        if(typeof(jQuery)=="function"){(function($){$.fn.fitVids=function(){}})(jQuery)};
            jwplayer('jwplayer_JOBQAEDN_G2hQKLvX_div').setup(
            {"playlist":"https:\/\/content.jwplatform.com\/feeds\/JOBQAEDN.json","ph":2}
        );

It’s also a good idea to be wary of QR codes used for payment that often show up for street vendor tables and food trucks, Cahn says. That’s because someone could surreptitiously cover up a QR code sticker with a fake one, pointing to a similarly named payment account. Cahn says he thinks QR codes will prove to be largely a fad. But however long they stay prominent, it’s a good idea to think twice before you scan them, unless you’re sure you know they’re created by someone you trust.

https://www.fastcompany.com/90690912/qr-codes-malware-problem?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss