{"id":1115,"date":"2013-02-06T10:02:54","date_gmt":"2013-02-06T15:02:54","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=1115"},"modified":"2020-02-26T18:56:09","modified_gmt":"2020-02-26T14:56:09","slug":"qr-codes-convenient-dangerous","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/qr-codes-convenient-dangerous\/1115\/","title":{"rendered":"QR Codes: Convenient and\u2026Dangerous"},"content":{"rendered":"<p>These now-familiar square images you see in ads, magazines and posters have proved to be the easiest and cheapest way to link the real and the virtual worlds. All you have to do is take a picture of a QR code with your smartphone camera and you can follow a link to information on a website, save a contact\u2019s telephone number or download an application. Marketing specialists love the technology for its sheer simplicity, but so do cybercriminals. Therefore, you need to be very careful when pointing your device\u2019s camera at a QR code.<\/p>\n<p>A QR code (QR being short for quick response) can contain all sorts of text information and\/or links to online resources. QR codes have been popular for quite some time in Asia, and are now gaining popularity in Europe and the Americas. They can be seen everywhere: on billboards, goods exhibited in stores, on websites, various types of tickets and coupons\u2026the list goes on and on. At the same time, scams involving QR codes are also gaining in popularity. There are many cases of malicious QR codes being neatly placed over legitimate ones. This practice, with similarities to phishing, has come to be known as QRishing.<\/p>\n<p style=\"text-align: center\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/02\/05114603\/qrcode.jpeg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1116\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/02\/05114603\/qrcode.jpeg\" alt=\"\" width=\"305\" height=\"375\"><\/a><\/p>\n<p>It doesn\u2019t take much stretch of the imagination to see just how dangerous a QR code could be when displayed in a public place: in the subway, at an airport, a train station, or in a bank, for instance on an ATM. Most people will implicitly trust adverts, and would never imagine such a threat could be lurking in the building of a major bank.<\/p>\n<p>When a user takes a photo of a QR code, the link it stores is first displayed on the device\u2019s screen; however, cybercriminals also use URL shortening services (such as bit.ly and others) to disguise the ultimate address stored in the QR code which may lead to a page with malware that steals the user\u2019s credentials or to a phishing site. The situation is further complicated by the fact that a mobile browser may not always be capable of displaying the complete URL of the opened page, which is a real handicap when trying to spot a scam. To make matters worse, <a href=\"https:\/\/www.kaspersky.ru\/blog\/polovina-android-ustrojstv-uyazvima-k-atakam\/\" target=\"_blank\" rel=\"noopener\">mobile devices are often not as well protected from malware<\/a>.<\/p>\n<div class=\"pullquote\">There are many cases of malicious QR codes being neatly placed over legitimate ones. This practice, with similarities to phishing, has come to be known as QRishing.<\/div>\n<p>To reduce this type of threat, follow three simple recommendations:<\/p>\n<ol>\n<li>Be careful. Before scanning a QR code, make sure it is not covering another code. If in doubt, do no scan.<\/li>\n<li>After opening an app store or a website in your browser, make sure that the QR code has taken you to the place you expected to go. If you are about to install an application, make sure it was developed by the company whose ad or info you saw. Check to see the application\u2019s rating and\/or customer feedback. If there are very few or none at all, it\u2019s best to postpone the installation. If a code leads to a website, check the complete URL; otherwise, you may fall victim to a phishing scam. Extra caution is advised before entering your personal data or credentials, including email or e-banking data.<\/li>\n<li>If your smartphone allows the installation of <a href=\"https:\/\/www.kaspersky.com\/one\" target=\"_blank\" rel=\"noopener nofollow\">security applications\u00a0<\/a>that check sites for malicious content and downloaded software for malware, make sure you install such an application. This is especially appropriate for Android smartphones, which are now targeted by <a href=\"https:\/\/threatpost.com\/en_us\/blogs\/android-mdk-trojan-found-lurking-11k-apps-using-aes-encryption-012413\" target=\"_blank\" rel=\"noopener nofollow\">thousands of malware programs<\/a>.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>These now-familiar square images you see in ads, magazines and posters have proved to be the easiest and cheapest way to link the real and the virtual worlds. All you<\/p>\n","protected":false},"author":32,"featured_media":1117,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9],"tags":[77,76,283],"class_list":{"0":"post-1115","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips","8":"tag-cybercrime","9":"tag-phishing","10":"tag-qr-code"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/qr-codes-convenient-dangerous\/1115\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/qr-codes-convenient-dangerous\/1115\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/qr-codes-convenient-dangerous\/1115\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/qr-codes-convenient-dangerous\/1115\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/qr-codes-convenient-dangerous\/1115\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/qr-codes-convenient-dangerous\/319\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/qr-codes-convenient-dangerous\/1115\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/qr-codes-convenient-dangerous\/1115\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/cybercrime\/","name":"cybercrime"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/1115","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=1115"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/1115\/revisions"}],"predecessor-version":[{"id":15472,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/1115\/revisions\/15472"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/1117"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=1115"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=1115"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=1115"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}