QR codes are now everywhere. However, these can be a real nest of scams. We explain how hackers do it and how to protect yourself from them.
Who has never scanned a QR code when going to a concert hall or restaurant? Widely distributed during the Covid-19 crisis, this very practical technology allows you to free yourself from multiple paper and cardboard supports to have information in digital format. According to post-pandemic figures published on the government’s France Num site, 74% of people questioned in France believe that QR codes make their lives easier, 47% noted an increase in the use of QR codes in their daily lives and 38% of respondents have scanned a QR code in a restaurant, bar or cafe in the last 6 months, 37% for a retail business.
Not many people know this, but a QR code can also be a great way for hackers to trick you. There are many testimonials today from people who have been scammed by hackers. The possible harm is varied: downloading malicious software, theft of personal data or even banking information, extortion of huge sums of money… So many dangers that could strike you if you are not careful.
The reported cases mainly come from the United States and Asia. But the threat is growing throughout Europe, starting with Germany, which is already affected. The Spanish National Police recently published a prevention message on social networks to raise awareness among its population. In France, the official Cybermalveillance.gouv platform has been on alert since summer 2022.
The most widespread technique is the following and applies to physical places such as businesses or cultural places that you visit for example: pirates will paste their own QR code above the one you want to scan to download the menu of your restaurant or your brasserie for example. Once the code is scanned, you will not come across the list of dishes, but on a form created by the hackers.
By completing the latter (because you will be promised a free drink for example), these malicious people will collect all your information and can resell it or blackmail you. QR codes can also be programmed to make calls and send messages to your contacts, also aimed at retrieving the banking information of the recipients, in other words your family, loved ones or colleagues.
The simplest solution to this type of scam is obviously to never scan a QR code with your smartphone again. This can, however, be quite restrictive, especially if you dine in these restaurants – more and more numerous – which do not have a classic format menu. The other solution will rely more on your scanning skills: be wary of every code you scan.
There are also reliable apps to systematically open on your phone before scanning a QR code. They are free or inexpensive, like Kaspersky QR Scanner or QR Scanner, available on Apple Store or Google Play. But be careful, never install a security application from a link itself scanned with a QR code! Also make sure your phone is always up to date. Certain recognized smartphone brands allow you to protect yourself against this type of scam with alerts that are displayed before accessing the QR codes.
Last advice: if in doubt, do not scan and if you have already done so, immediately close the loaded page and clear your browser history.