A New and Complicated Problem
Recently, at rooftop restaurant establishment in Dallas, a waiter with a mask and plastic face shield instructed the customers seated at a table to use their cell phones to scan an intricate design he pointed out to them on their table. By following his instructions, the patrons were able to access the restaurant’s menu on their phones. As more and more businesses across the country re-open, they are looking for and finding ways to keep employees and customers safe while minimizing the need for direct or indirect physical contact. Enter the QR code.
The QR code is that funny looking little box which can be seen in an increasing number of locations from store coupons to posted signage in retail shops and, as in this case, in restaurants. Those who have QR code “readers” or “scanning apps” on their cell phones can point their cell phone cameras at these symbols which, once deciphered electronically, then directs them to a predetermined website containing the desired information. In this case, the patrons at the restaurant were directed to the restaurant’s website where a full menu was posted. By using the restaurant’s QR code, the number of physical things needing to be sanitized is reduced while also allowing each person a chance to browse at their own pace. It seems like a great idea.
QR codes are a great idea in our increasingly contactless world once the initial apprehensions are overcome. As with any new technology, there is a consumer learning curve that must be achieved. When the user is comfortable using the application, it can be a very useful tool. However, cybercriminals are also becoming comfortable with the QR code as a means to exploit this new consumer tool.
The QR scams aren’t foolproof. You, as the potential victim, must be a willing participant. Scanning a code on the table of a restaurant is a low risk activity. It is not unlike using the chip embedded in your credit or debit card to make a purchase at a well-known retailer. It is no riskier than allowing a trusted website to store your personal information on its site. Our technology is here to make our lives easier. However, the value of convenience is offset by having to remain consistently vigilant for potential scams. But just a little common sense can go a long way to keeping you safe.
Most scams include steps that should seem a peculiar or different from what you would expect the normal process to be. Just like a “phishing email”, a QR code scam has little idiosyncrasies that don’t quite line up. Imagine you’re in a parking lot and a harmless looking lady approaches you. She has cash but the machine where you pay to park only takes credit or debit cards. So, she offers you a five-dollar bill and asks you to scan a QR code appearing on her cell phone which she shows you saying it will pay for her ticket. While it may seem you are helping the lady with her issue, there are several red flags here. The first is that she only has cash. We are living in an increasingly digital world where cash is becoming less normal. The second and bigger issue is she wants you to scan an unknown code on her phone rather than using the one displayed on the designated machine in the parking lot. This is a documented scam that, unfortunately, many people have already fallen victim to in the recent past.
Tips To Avoid Being A Victim
While the idea of scanning a QR code may seem a little scary at first, don’t shy away from this new technology. You simply need to be more proactive in what you scan.
If the interaction feels a little off, do not do it. Ask the establishment if there is a more secure way for you to pay or enter personal information. If they cannot provide one, then you should probably avoid the transaction.
Like unsolicited phone calls or emails, never give out personal or banking information to a QR linked site that didn’t originate from a verified source. The lady in the parking lot with the code may sound ridiculous, but people have already fallen for the ruse. When in doubt, just say no.
Use a QR reader with built in features. As these codes become more widely used, security on them will increase. There are some QR reader apps out there that have features built in to monitor malicious code. That can save you a headache or worse in the future. Do your “due diligence” and research available QR code reader applications before downloading one.
Just because the QR website asks you to, do not click “accept” without knowing to what you are agreeing. When given “acceptance”, QR codes can install foreign contacts, send and read emails, access your bank and other personal information, add a preferred “WiFi network” to your phone which allows unwanted messages to be received, and much more. Make sure you’re reading and understand what you’re agreeing to before actually saying “I accept”.
If you don’t already, you should regularly monitor all your bank, email, and social media accounts. You should review all “permissions” you granted to your device applications. You should also review you standing accounts with your favorite retailers. If something looks a little fishy, shut it down. If you don’t know how to shut it down, a quick internet search can walk you through almost anything. QR codes aren’t going away. They shouldn’t have to either. They will, in fact, continue to grow in availability and consumer usage. A little code on a table is a great way for us to access information quickly and safely, as long as we’re being proactive about what we let into our devices.
Stay vigilant, and, as always, stay safe out there.