Checking in at venues, retrieving test results, importing certificates: by the time of the coronavirus pandemic at the latest, people around the world had become used to QR codes. Criminals take advantage of this too.
Whether digital or on paper: When using QR codes, trust must not be unlimited.
QR codes are a security risk
The square pixel codes can in principle be manipulated, or may have been created with fraudulent intent in the first place, warns the FBI, the US law enforcement agency.
For example, cybercriminals tried to lure their victims to fake websites using QR codes. There, login data for services and accounts as well as sensitive financial information are stolen, or payments, such as cryptocurrency transactions, are diverted.
It is also possible that QR codes trigger the download and installation of malware, which the perpetrators use to gain access to the user’s device and data.
Stay safe with these tips from the FBI
- When scanning a code, check that the expected website actually opens and that it is authentic: the address must be correct and must not contain any typos or wrong letters.
- If a website asks for login data, personal information or data relating to money and financial transactions, you should be particularly critical if the page was accessed via a QR code.
- Avoid making payments on websites accessed via a QR code. Instead, it is better to enter the respective (known and trusted) Internet address by hand if something is to be paid for there.
- With physical, i.e. printed QR codes, you should always make sure that an original code has not been pasted over with another code.
- If possible, do not start app downloads and installations via QR codes, but download applications from the official stores.
- Do not install an extra scanner app: In most cases, the smartphone camera acts as a scanner or a scanner is integrated in the browser.
- An acquaintance apparently sent a QR code? Or a company you recently bought something from sends you an e-mail about an allegedly failed payment and is now demanding a new payment via QR code? In both cases it is better to pick up the phone and ask directly whether the message is genuine. Caution: Do not copy a company’s phone number from the email, as it could be fake. Better to go to the company’s site through a search engine and look up a contact number.
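
The address check from the first tip can also be automated wherever decoded QR text is handled before it is opened. The following is an added example, not code from the FBI or from this article; the hostnames and the two-edit threshold are constructed assumptions, and it also covers two related disguises of the address (text before an `@`, and a known name used as a prefix of another domain).

```python
from urllib.parse import urlsplit

# Constructed allowlist of addresses the user already knows and trusts.
EXPECTED_HOSTS = {"example-bank.com", "pay.example-bank.com"}

def edit_distance(a, b):
    """Levenshtein distance: how many single-letter edits separate a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_qr_url(payload, expected=EXPECTED_HOSTS):
    """Return (verdict, reason) for the text decoded from a QR code."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "block", "not a parseable URL"
    if parts.scheme != "https":
        return "block", "scheme is not https"
    if parts.username is not None:
        return "block", "text before '@' disguises the real host"
    if not host:
        return "block", "no host in URL"
    if host in expected:
        return "ok", "host matches a known address exactly"
    if not host.isascii() or "xn--" in host:
        return "block", "non-ASCII or punycode host (wrong letters)"
    for known in sorted(expected):
        if edit_distance(host, known) <= 2:  # threshold is an assumption
            return "block", f"near-miss spelling of {known}"
        if host.startswith(known + "."):
            return "block", f"{known} used as a prefix of another domain"
    return "review", "unknown host: type the known address by hand instead"

if __name__ == "__main__":
    for sample in [  # constructed sample payloads
        "https://example-bank.com/pay",
        "https://examp1e-bank.com/pay",
        "https://example-bank.com@pay.example.net/login",
        "https://coffee-shop.example/menu",
    ]:
        print(sample, "->", check_qr_url(sample))
```
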