QR CODE or Quick Response Code is an innovation which has transformed the way that many people navigate the web. This strange language composed of amorphous black and white designs is a method of encoding information contained in a string of text.
It is mainly found on printed paper or on the labels of certain products. It is most commonly used to facilitate access to a company web portal. The procedure is quite simple and involves using the camera on a smartphone or tablet to scan the code, enabling the user to access the website automatically without having to type in the address.
How a QR code is created
Generating a QR code has become child’s play. There are in fact a large number of specialised apps for this purpose which are able to take a text, web address or email and immediately convert it into a visual code made up of black and white pixels.
Once the code has been generated it can be printed onto leaflets, labels, advertising hoardings and other paper material. QR generators are free and can even be downloaded onto a mobile phone, making their use even easier.
The risks of QR code use
The average user uses a QR code because it is convenient and allows them to avoid wasting time typing in a complex URL, thereby eliminating the risk of typing errors.
Its ease of use and the facility with which QR codes can be generated, combined with the effective illegibility of the encrypted content, can however constitute a potential security risk to be exploited by cybercriminals.
The information contained in a QR code cannot be known until it is scanned using a special application (which often activates automatic redirection to the web portal); this prevents the user from knowing the URL in advance, so that he cannot determine its content.
In general, the user tends to trust the context in which the QR code is inserted, but nevertheless there is no absolute certainty that the code will not contain links to malevolent sites.
Any ill-intentioned individual could, for example, use a bank leaflet (which people would expect to be trustworthy) and substitute the QR code displayed on it (which should redirect to the bank’s website) with an ad hoc code which redirects to a malevolent portal, which although similar to the real bank’s website, is actually designed to steal people’s access details.
These security vulnerabilities are not easily identifiable, especially by non-experts or those who have limited knowledge of how these visual codes operate.
Defending yourself from fraud via QR code
It is not the aim of this article to demonise QR codes, but rather to make consumers aware of the risks and ‘arm’ them with the necessary knowledge to avoid unpleasant situations.
Below are some guidelines and ‘good practice’ tips to adopt before using a QR code:
- If a QR code seems out of context, it is advisable not to scan it;
- Equip yourself with a trusted code reading app (such as QR Code Reader or QR Droid), possibly with good reviews;
- Check that the app also contains a function to visualise the decrypted string of text and that, above all, it does not automatically open any URL’s;
- Do not trust short links (abbreviations of links such as bit.ly etc.).
By following these simple precautions, you can use QR codes with enhanced security, while taking full advantage of them.
Translated by Joanne Beckwith