SECURE&TIP (04/17/2023): CYBER RISKS OF QR CODES

QR codes have been active in the technological world since 2009. What at first was meant to offer the same functionality as a barcode is today becoming an indispensable resource in our daily lives, not only as a code for obtaining more information about products, but also as a way of consulting or contracting certain services.

They can be found in restaurants (digital menu), airports (passport, visa or vaccination certificate) and even in television commercials. But the National Police has already warned, in several communiqués, about the worrying increase in cyber scams and pharming attacks (fake website) through QR codes.

In today’s tip we want to remind you of some points to keep in mind so as not to fall into a cybercriminal’s trap:

  • Before using a QR code, consider whether it is really essential or whether the information is available another way: it may well not be necessary to use it at all, especially if we are not sure of its authenticity. In case of doubt, it is preferable to consult the information by other means (official website, information brochures, etc.).
  • Make sure that the QR code is genuine: before scanning a QR code on a restaurant terrace, a billboard, a brochure or at a bus stop, check that it has not been tampered with. Cybercriminals sometimes place a sticker with their fake QR code over the real one. In case of doubt, or if a possible fraud of this type is detected, it is preferable to report the manipulation and consult the same information by other means (staff of the establishment, web page, etc.).
  • Be suspicious of the authenticity of the QR code if the web page it links to is unrelated, not secure (it has no padlock or lacks the “s” at the end of https) or very uninformative: the function of a QR code is mainly advertising and informational. It usually links to a location map, an email address, a restaurant menu, a web page or a social network profile. But if it asks you to enter personal data or bank or payment details, or to download a file or an application, or to click on a link on a blank page, we could be facing a possible cyber-scam technique.