Wednesday, January 11, 2012

How to Protect Yourself from Malicious QR Codes

QR Code Leads to Google.comWould you scan a QR code that was embedded on a website?

The idea may not make much sense to those who are familiar with QR codes.

While QR codes initially started out as a useful tracking method in vehicle manufacturing, they’ve now blossomed into an easy way to share website URLs and other information with the help of a QR scanning smartphone app.

QR codes can be seen in magazine ads, billboards, retail stores, television commercials – almost anywhere you can think of – and who can resist finding out where it leads?

To the naked eye, QR codes look like nothing more than pixelated blocks that make you think you’re being shoved straight into a Rorschach test. Due to the fact that users have no real way of determining whether or not the website that a QR code could link them to is safe, security researchers didn’t hesitate to warn folks about the possibility of cybercriminals jumping on the opportunity to spread malicious websites.

As it turns out, they were right. For when opportunity knocks, the bad guys always answer.

Cyber crooks have begun placing malicious QR codes on sites that they then promote via spam campaigns.

One example discovered by Websense Security Labs directed users to a pharmaceutical site, while Kaspersky Labs expert Denis Maslennikov found a malicious QR code that lead to Android malware that sent text messages that cost the user $6 apiece.

With so many companies taking interest in adding QR codes to their marketing campaigns, how can users protect themselves from the bad guys hiding in the mix?

  • Use a QR code scanning app that allows you to preview the encoded URL before visiting it. If the link appears suspicious, hit ‘Cancel’ and don’t follow it. (Android users may want to check out QR Droid Private)

  • Only provide personal information on trusted websites and always be sure to double-check the URL before logging in or providing sensitive data.

  • If you’re being directed to an app, consider downloading it from an official (and trusted) app store instead. On top of that, make sure you always review the user ratings and permissions before downloading or installing an app.


Have you come across any QR codes that you didn't trust? Share your experience below!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment