Beware before you scan a QR Code
Copyright Frictionless Security LLC

A skillfully crafted flyer, persuasive marketing collateral, and a well-designed website all may share one thing: a QR Code that urges you to scan it and go to the destination it directs you to. You scan the innocent-looking, cute QR Code, and it dutifully takes you somewhere unknown in the jungle of the Worldwide Web. How do you know it is not a booby trap?

QR code spoofing can pose significant risks, especially when users blindly trust QR codes and interact with malicious sites. Here’s how one can mitigate such risks and avoid falling victim to such attacks:

Steps to Mitigate QR Code Spoofing Risks:

1. Verify the Source of the QR Code

  • Physical Location: If you encounter a QR code in a public place, inspect it to ensure it hasn’t been tampered with (e.g., stickers placed over legitimate QR codes, tampering with the flyer, etc.).
  • Online Sources: Only scan QR codes from trusted websites, apps, or sources.

2. Preview the URL Before Interacting

  • You can use a QR code scanner app or smartphone feature that shows the URL before redirecting. Please don't proceed if the URL looks suspicious, misspelled, or unrelated to the expected source.

3. Do Not Make Blind Payments

  • Before making a payment, ensure the site is legitimate by checking:

    ◦ The URL structure (e.g., HTTPS, correct domain spelling).
    ◦ Secure payment symbols (e.g., a padlock icon in the browser).
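Steps 2 and 3 amount to a checklist that can be applied to the text a scanner app shows you before you tap the link. The following script is an added example, not part of the original article: it takes the decoded QR payload as a plain string (so no camera or image library is needed) and an expected domain, and returns the red flags it finds (non-HTTPS, non-web payloads such as Wi-Fi or phone-number codes, user-info tricks with '@', bare IP hosts, punycode labels, URL shorteners, and look-alike or decoy domains). The expected domain, the shortener list and the sample payloads are constructed assumptions for illustration.

```python
"""Vet the text decoded from a QR code before opening it (added example)."""
import ipaddress
from typing import List
from urllib.parse import urlsplit

# Constructed list for the example: shorteners hide the real destination, so
# they are treated as a red flag on their own.
KNOWN_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _registrable(host: str) -> str:
    """Last two labels of the host (a simplification; no public-suffix list here)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def inspect_qr_payload(payload: str, expected_domain: str) -> List[str]:
    """Return human-readable warnings; an empty list means no red flag was found."""
    warnings: List[str] = []
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()

    if scheme not in ("http", "https"):
        # WIFI:, tel:, sms:, intent: and similar payloads are not web links at all.
        return [f"payload is not a web URL (scheme '{scheme or 'none'}'); do not act on it blindly"]
    if scheme == "http":
        warnings.append("link is plain HTTP, not HTTPS: anything you enter travels unencrypted")

    if "@" in parts.netloc:
        # https://trusted.example@evil.test/ shows the trusted name first; the real host follows '@'.
        warnings.append("URL contains '@' (user-info trick): the real host is the part after '@'")

    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return warnings + ["URL has no host"]

    try:
        ipaddress.ip_address(host)
        warnings.append(f"host is a bare IP address ({host}), not a named site")
        return warnings
    except ValueError:
        pass  # not an IP literal, keep checking

    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("host uses punycode (xn--): possible look-alike characters in the domain")

    if host in KNOWN_SHORTENERS:
        warnings.append(f"host {host} is a URL shortener: the real destination is hidden")
        return warnings

    expected = expected_domain.lower()
    if host == expected or host.endswith("." + expected):
        return warnings  # genuinely the expected site or one of its subdomains

    reg = _registrable(host)
    if expected in host:
        # e.g. mybank.example.secure-login.test: the expected name is only a decoy label
        warnings.append(f"host {host} merely contains '{expected}'; it is actually under {reg}")
    elif _edit_distance(reg, expected) <= 2:
        warnings.append(f"host {host} is a near-misspelling of {expected} (look-alike domain)")
    else:
        warnings.append(f"host {host} is unrelated to the expected domain {expected}")
    return warnings


if __name__ == "__main__":
    # Constructed sample payloads, as a scanner app would display them.
    for sample in ("https://www.mybank.example/pay",
                   "http://mybamk.example/pay",
                   "https://mybank.example.secure-login.test/login",
                   "WIFI:T:WPA;S:cafe;P:secret;;"):
        print(sample, "->", inspect_qr_payload(sample, "mybank.example") or ["no red flags"])
```

The check is deliberately conservative: an empty result only means none of these specific patterns matched, not that the site is safe, so the advice in steps 2 and 3 (read the address, look for the padlock, never pay blindly) still applies.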

4. Enable Two-Factor Authentication (2FA)

  • Even if credentials are compromised, 2FA provides an extra layer of security. It's best to use app-based 2FA over SMS where possible: SMS is not a secure channel and is prone to interception (man-in-the-middle) attacks.

5. Educate Yourself on Red Flags

  • Please be careful of unusual requests, such as QR codes leading to unexpected payment pages or requests for login credentials.

6. Regularly Monitor Your Accounts

  • Frequently review bank and credit card transactions to detect unauthorized activity early.


Finally, always ask yourself why you are scanning the QR code instead of accessing the payment portal, website, or service directly through its official app or website. Is it because you could not be bothered to find the official address? Is it just because it is convenient? Please consider the risks before you scan a QR Code, and follow the six safeguards above.

Happy interneting!


More articles by Sanjay Mathur CISSP, CISM, CRISC

  • Data Confidentiality and Data Privacy
  • Skills Required for InfoSec and CyberSec Professionals
  • Are information security and cyber security the same?
  • The risk of not managing risk
  • Downstream controls are harder to implement
  • When strong security becomes our biggest vulnerability
  • Frictionless Security Theorem
  • The SOC Jigsaw Puzzle
  • Demystifying the risk of cloud-only service
  • Overwhelmed by large third-party risk mitigation (TPRM) questionnaire?
