Key Takeaways
- Check a QR code for signs of tampering and verify its authenticity by determining the source and checking the URL.
- Avoid granting unnecessary permissions to redirected websites.
- Also, watch out for security warnings that your device might display when you scan a bad QR code.
QR codes are everywhere. From menus to bus stops to websites, they’re a handy way to convey information without taking up heaps of space. And, given how common they are, you’re unlikely to think twice before scanning one.
However, did you know that QR codes are easy to fake, and that it's even easier to make one point to a malicious website?
That’s why I’m always on guard when scanning QR codes. Here are all the things I do to ensure a QR code is safe to scan.
1 Check for Signs of Tampering
QR codes are easy to create. In fact, there are several online tools that can help you create your own QR code. However, this means a scammer can easily replace legitimate QR codes with fake ones that they create. So, how can you determine if a QR code has been tampered with?
Always check if any stickers are placed over existing codes or if the QR code seems to have been printed and stuck to a surface. You’ll want to pay close attention and check for these signs, especially if the QR code is located in an easily accessible place, like an unsupervised parking lot or a busy restaurant.
2 Determine the Source
If you spot a QR code in a physical location, like a restaurant or store, but suspect it might be fake, you can ask the staff to confirm if it’s genuine. Online codes, though, are a whole other story.
Hackers pose as legitimate businesses and create fake websites or send phishing emails with QR codes. If you ever come across a QR code online, I recommend taking a few minutes to examine the source, i.e., the sender’s email or the website you’re on. If you spot any inconsistencies in the branding, or the communication feels unprofessional or is full of grammatical errors and misspellings, I recommend not proceeding further.
3 Verify the URL
Scammers who use bad QR codes rely on people not checking the URL before opening the link associated with the QR code. Of course, the human eye can’t read QR codes. However, you can verify the preview of the URL on your screen.
Businesses will almost always use a domain name associated with their brand name. If the URL is something unusual, it’s best to err on the side of caution and avoid clicking the link. If you really must, use an online tool to check if the link is safe.
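The checks from this section, written out as an added Python example (it is not part of the original article): given the URL your scanner previews and the domain you expect the business to use, it lists what looks unusual. The function name, the shortener list, and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit
import ipaddress

# Assumption: a small illustrative sample of shortener hosts, not a complete list.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

def qr_url_warnings(url, expected_domain):
    """Return reasons the URL decoded from a QR code looks unusual (empty = none found)."""
    warnings = []
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["unparseable URL"]
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https":
        warnings.append("not https")
    if parts.username or parts.password:
        # In "https://brand.com@other.host/" the real destination is other.host.
        warnings.append("userinfo before host")
    if not host:
        return warnings + ["no host"]
    try:
        ipaddress.ip_address(host)
        return warnings + ["raw IP address instead of a domain"]
    except ValueError:
        pass  # not an IP literal, so treat it as a domain name
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label (possible look-alike characters)")
    if host in SHORTENERS:
        warnings.append("link shortener hides the destination")
    expected = expected_domain.lower().rstrip(".")
    # The brand must be the END of the host: "example.com.pay-secure.test"
    # merely starts with the brand name and belongs to someone else.
    if host != expected and not host.endswith("." + expected):
        warnings.append(f"host {host!r} is not {expected!r} or a subdomain of it")
    return warnings

if __name__ == "__main__":
    # Constructed sample URLs, as a scanner preview might show them.
    for u in ["https://menu.example.com/table/12",
              "https://example.com.pay-secure.test/login",
              "https://example.com@evil.test/menu",
              "http://203.0.113.7/pay",
              "https://bit.ly/3abcdef"]:
        print(u, "->", qr_url_warnings(u, "example.com") or "no warnings")
```

An empty result only means none of these specific signs were found; it does not prove the site is safe.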
4 Permission Prompts
If you scan a QR code and it prompts you to grant access to your contacts, messages, camera, or location when there’s no reason for it, consider it a major red flag. Granting these permissions could allow bad actors to access your information and compromise your phone’s security.
5 Watch Out for Security Warnings
I once absentmindedly scanned a QR code and failed to check the preview of the URL. Fortunately for me, my browser alerted me to the fact that it was an unsafe site. If you scan a QR code that attempts to redirect you, make sure to pay attention to any warnings your browser or device might show.
In line with this, if you don’t have auto-updates turned on, I highly recommend enabling them or manually updating the operating system, apps, and other related software to keep your smartphone secure.
Despite being careful, even the most vigilant users can make mistakes. That’s why it helps to familiarize yourself with things you should do if you scan a fake QR code. From immediately turning off the internet on your device to changing passwords, there are steps you can take to minimize the potential damage.