If you want to see the cutting edge of technology, look at advancements that make it easier for organizations of any type, from charities to retailers, to get money from you.
QR (Quick Response) codes are everywhere these days. QR codes make many things easier and faster - not just for the consumer, but for the cyber crook as well. You can even scan them right off your television screen, which should be safe. However, not all of these codes are trustworthy – some are traps or scams.
Many restaurants make their menu accessible on your phone by capturing the code on a sign when you enter. Check to make sure it’s not a fake code on a sticker covering the real code, because that’s one trick crooks pull – distract the host/hostess while an accomplice plasters the malicious code onto the sign.
Cyber criminals are cashing in with phony QR codes that take you to websites they spoofed (copied). Then they either steal your information OR lock up your phone – or even your work computer and network with ransomware.
Consumers need to be careful about routinely capturing codes offering great deals – especially if they appear on the phone unsolicited. It is just that kind of advertising that enables the big ‘free’ social media companies to make tens of billions of dollars per year. There are so many ads bouncing onto a consumer’s screen that it’s difficult to spot the scams.
As an extra layer of Cybersecurity, Google offers a QR code sign-in. You must be signed into your Google account on at least one device already. Even though Google employs reasonably decent Cybersecurity measures, ANY website can be spoofed and provide the user with a malicious QR code.
Consumers and their smart phones have always been relatively easy marks for criminals. Mobile security provider MobileIron surveyed over 2,100 end-users across the US and UK and found results that were not at all comforting. Mobile users as a rule do not understand QR codes or their potential risks – 71% of those surveyed said they could not tell the difference between a malicious and a legitimate QR code. 51% of respondents had no idea what kind of security they had on their mobile devices – or even if they had any at all. Many don’t find out until they find themselves in a world of hurt.
The crooks targeting consumers are typically small-time, and consumers usually do not have IT services at their disposal – crooks usually just hit them for a couple hundred bucks and move on. The big-time criminals go after bigger money from businesses. This is where real IT support needs to stand guard.
How do I make sure a QR code is safe?
The FBI published advice on how to avoid these scams along with warnings:
“Here’s how to protect yourself:
- Do not scan a randomly found QR code.
- Be suspicious if, after scanning a QR code, the site asks for a password or login info.
- Do not scan QR codes received in emails unless you know they are legitimate. Call the sender to confirm.
- Some scammers are physically pasting bogus codes over legitimate ones. If it looks as though a code has been tampered with at your local bar or restaurant, don’t use it. Same thing with legitimate ads you pick up or get in the mail.”
Cyber criminals have been perfecting their ability to infect business networks, and they are already doing it – both through phishing emails containing QR codes and through phones connected to business networks.
Phone to Network
Not too many years ago, only field personnel and management needed to have their smart phones connected to the office network. Since the massive rise in the remote workforce, employees who work remotely are typically connected on several different devices: desktops/laptops, phones, and tablets. The smart phone used to scan a code is a direct bridge to the office network. If a QR code is malicious, it would then have network access.
The growing threat of fake QR codes was a subject in a recent Zoom symposium between ITFirm.com and a number of network security specialists across the country. Remote devices, especially phones, have long been the weakest link in security defenses.
This bolsters our encouragement to have employees undergo regular Security Awareness Training. Just as we at ITFirm.com teach our clients how to spot phishing emails and send them immediately to our IT HelpDesk, we have included the scanning of QR codes. Cybersecurity is not just the concern of IT Support – the end users must be on board and vigilant.
Once the crooks are in your phone – and your phone is connected to the network – they are in your network, and your in-house IT team or outsourced Managed IT Services provider is scrambling to contain the malware and negate the effects.
Frequently Asked Questions
What is a QR code and how does it work?
A QR code operates in a fashion similar to the UPC code on items scanned at a store checkout counter, although it is much more sophisticated. The QR code does not merely give pricing and product information; it can take you directly to a website. If it’s a phishing website, no other action is generally needed – your phone is usually infected as soon as the web page opens.
Can QR codes have viruses?
The code itself cannot contain a virus - it contains information but does not have the capacity to store an executable file that is necessary for the release of a virus. The job of a phony QR code is that once scanned, it takes you to a malicious website where the infection can occur.
How can you tell a fake QR code?
The #1 way is to make sure the URL address matches the service you are seeking. Hold the camera over the code. Just hover – DO NOT SCAN IT! The URL attached to the code will appear. If it doesn’t, or if it has no relation to the service, it’s probably a scam, so don’t scan it – better safe than sorry.
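The same "does the URL match the service" check, written as code a help desk could run over the text decoded from a reported QR code. This is an added example, not part of the original article; the function name, the allowlist and the sample hostnames (reserved .test names and a documentation IP address) are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allowlist: the hostnames this organisation's real QR codes point to.
EXPECTED_HOSTS = {"menu.example-restaurant.test"}

def check_qr_url(payload, expected_hosts=EXPECTED_HOSTS) -> list:
    """Return reasons not to trust a decoded QR payload (empty list = it matches)."""
    findings = []
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ["not a parseable URL"]
    if parts.scheme != "https":
        findings.append(f"scheme is {parts.scheme or 'missing'!r}, not https")
    if parts.username or parts.password:
        # "https://trusted-name@other-host/" opens other-host, not trusted-name.
        findings.append("userinfo before '@' hides the real host")
    if not host:
        findings.append("no hostname")
        return findings
    try:
        ipaddress.ip_address(host)
        findings.append("host is a raw IP address")
    except ValueError:
        pass  # not an IP literal, which is the normal case
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label (possible lookalike domain)")
    if not host.isascii():
        findings.append("non-ASCII characters in hostname")
    if host not in expected_hosts:
        findings.append(f"host {host!r} is not the expected service")
    return findings

if __name__ == "__main__":
    # Constructed sample payloads, as if decoded from QR codes users reported.
    for sample in (
        "https://menu.example-restaurant.test/lunch",
        "http://menu.example-restaurant.test/lunch",
        "https://menu.example-restaurant.test@203.0.113.7/login",
    ):
        print(sample, "->", check_qr_url(sample) or "matches expected service")
```

An empty result only means the address matches the expected service; a legitimate site can still be compromised, so the FBI advice above about login prompts still applies.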
Can you manipulate a QR code?
QR codes are static and cannot be edited, updated or tracked (unless the creator embeds a way to track). Any attempts at manipulation are useless. It’s better to create an entirely new QR code.
How Secure is your network?
Also, as a longstanding, reputable member of the Charlotte IT Support community, ITFirm.com offers a FREE, no-risk network and Cybersecurity assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation to ever use our Managed IT Services.
The two best defenses are next-generation Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.
We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.
Among the Managed IT services we provide:
- IT HelpDesk Service
- Onsite IT Support
- Cybersecurity
- Cloud migration and management
- Email migration services
- Backup and disaster recovery
- VoIP phone systems
- IT disposition and recycling
- Office moves
- White label services (IT to IT)