The fact that QR Codes are so cheap and easy to make, and that consumers are so eager to scan them to see what they reveal, makes a QR Code a good tool for cybercriminals. Think about it: Scanning a QR Code poses a lot of the same threats as opening a dubious web page without any of the warnings that generally come with the latter.
One advantage of opening web pages is that you can see the link you’re opening, and if it doesn’t look right, you can pass on clicking it. That’s not true with QR Codes. You just point and scan and don’t really think about the risks.
The threat is that the QR Code could have a malicious URL embedded in it that takes you to site malware — short for malicious software — that can be, unbeknownst to you, installed on your mobile device. Malware can comprise your device’s software and share sensitive information with cybercriminals. Some of the ways that malware poses a threat to you include:
Making your calendar, contacts, and even credit card information available to criminals
Stealing your Facebook, Google, and other passwords and posting without your knowledge or permission
Tracking your location for criminal purposes
Infecting your device with malware that can disable it
The security and privacy threats QR Codes pose are real. Fortunately, documented cases of abuse are low, as QR Codes are just beginning to catch on with consumers. As interest in them grows, QR Codes could become a favorite for cybercriminals bent on exploiting unsuspecting users.
This all sounds dire, for sure, but you use your computer every day where the virus threat is probably a hundred-fold greater. It doesn’t stop you from going online, nor should the risks of scanning QR Codes stop you either.
Why let the cybercriminals win!
The key is to do what you should do when faced with risks: Take precautions.