.... plus guidelines for QR code issuers and creators
It is 2022, and the very fact that CNET has come out with a video on spotting fake QR codes and how they can be used for scamming is reason enough for us to reiterate Qryptal’s pre-eminent position in this field. One of our early blog posts, Can QR Codes Be Used for Phishing Attacks?, is still very popular.
Qryptal would like to share its experience of working with QR codes for over a decade with customers in over thirty countries. Document security is paramount and must be fixed at the source. In working with varied clients (large enterprises, SMEs, financial institutions, and governments), one realizes that the QR code is a double-edged sword. While the use of QR codes has grown exponentially over the last few years, accelerating particularly during the pandemic, this adoption has also come with incidents of unscrupulous elements using that popularity to swindle unwary users, customers and even authorities.
At Qryptal, we recommend that the more significant onus of ensuring that phishing and fake QR code scams do not happen lies with the issuers – the document creators.
Here is the original video by CNET and its summary.
“QR code frauds are like phishing scams that you might get via text or via email with a link to a fake or malicious website. In this case, scanning the code will not necessarily download a bunch of malicious spyware onto your phone. Still, a scammer can send you to a fake website where you fill out your personal information or your credit card details without thinking twice. Most of us have become pretty good at avoiding dodgy-looking links in emails, but we might not be so diligent when scanning QR cards, but the same rules still apply. According to the Better Business Bureau - cybercriminals rely on us scanning the code without taking a closer look at what we’re scanning or where it’s sending us.” – CNET
The seven things CNET wants users to beware of, as per the video:
1. Think before you scan: does the code look out of place, or is it part of a bigger sign or display? If possible, get the URL to check the details.
2. Look up where the QR code is trying to send you: is it leading you to the website that you are expecting, and does it look genuine?
3. As a good general rule, do not scan QR codes that come in emails.
4. Do not scan codes that come on unsolicited junk mail, like flyers offering to help you consolidate debt.
5. Preview the URL that the QR code is trying to send you to. Make sure the website matches the service you are expecting.
6. Be wary of short links like “bit.ly” addresses if you cannot read the entire URL.
7. Opt for a secure scanning app where possible (make sure you get the app from a legitimate company; there are many malicious QR code apps as well!).
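Points 2, 5 and 6 above can be automated in a scanner that shows a preview before opening anything. The following is an added example, not CNET's or Qryptal's code; the function name, the flag names, the shortener list and the sample domains are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample list of link-shortener hosts; extend it for your environment.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

def _is_ip(host):
    """True when the host part is a raw IPv4/IPv6 address instead of a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def preview_qr_payload(payload, expected_domain):
    """Return red flags for a decoded QR payload (hypothetical helper).

    expected_domain is the site the user believes the code belongs to.
    """
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return ["unparseable"]
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # Not a web link (Wi-Fi config, plain text, ...): nothing to preview.
        return ["non-web-scheme:" + (scheme or "none")]
    host = (parts.hostname or "").rstrip(".")
    flags = []
    if scheme != "https":
        flags.append("no-tls")
    if parts.username is not None or parts.password is not None:
        # "https://trusted-name@other-host/" displays a trusted name before the @.
        flags.append("userinfo-in-url")
    if host in SHORTENERS:
        flags.append("shortened-link")      # real destination is hidden
    if _is_ip(host):
        flags.append("ip-literal-host")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        flags.append("idn-host")            # possible look-alike characters
    expected = expected_domain.lower().rstrip(".")
    # Match on a label boundary so "bank.test.login.example" does not pass.
    if host != expected and not host.endswith("." + expected):
        flags.append("host-mismatch")
    return flags
```

An empty list only means none of these checks fired; it does not establish that the destination is genuine.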
What does that mean for document issuers and creators?
Check if the proposed solution meets these criteria:
1. Usually, non-secure, regular or URL-based QR codes are a BIG NO. There should not be any URL inside the QR code, since a URL makes it vulnerable to phishing attacks.
2. QR Codes should be based on advanced and high-strength encryption plus digital signature technology (PKI) that makes the QR code tamper-proof and verifiable.
3. Work seamlessly for both printed and electronic versions of the certificates and documents.
4. Easy to validate on an ad-hoc basis by anyone with a simple smartphone app, anywhere.
5. Able to validate even offline without network connectivity.
6. Validation requires no access to, or dependency on, the organization’s central database, thus making it efficient and keeping the IT systems secure and hack-proof.
How can Qryptal help the document issuers and creators?
Qryptal’s solution is standards-based and straightforward. Qryptal also has complete control of our technology stack, which allows us to be flexible and agile to incorporate the latest enhancements.
The simplicity of the solution uniquely positions it to help with small-footprint QR codes with the highest possible levels of security.