QR code alert highlights lack of security awareness: Internet Scambusters #958
QR codes, they're everywhere, and more and more of us are happy to use them, seemingly without being aware of the dangers they pose.
In this week's issue, we pinpoint the risks of getting scammed when we use phones to scan those rectangular boxes full of dots and squiggles.
We also have information on the recent disclosure that personal details of more than 500 million Facebook users have been leaked online.
Let's get started…
Alarm Sounds On Danger of QR Codes
Remember when, a few years ago, we reported: "QR code scams are in their early days, but as more and more organizations see the benefit of using these codes, expect the crooks to exploit the same opportunity too." (See 5 Ways to Avoid a QR Code Scam)
Maybe you don't recall our warning. But that's exactly what's happened, with new alerts about how these scannable "Quick Response" black-and-white boxes of dots and squares are now being used to trick more victims than ever into giving away confidential information or downloading malware.
Furthermore, Internet security experts say the QR scam situation is steadily getting worse and is likely to continue to do so.
The trouble is that so many of us are used to scanning these graphical shapes with our smartphones precisely because they're such a darned convenient way of connecting to websites or downloading information.
And one of the main reasons for the current surge is the change in our social behavior because of the current health crisis.
More businesses are using them in place of printed matter, like brochures, because that means consumers don't have to touch them.
According to one of the latest reports, from security software firm MobileIron, 72 percent of consumers polled said they'd scanned a QR code during one single month, with the vast proportion saying they did so because it "made life easier."
And almost half of consumers admitted they still use QRs despite knowing the concerns about their security.
"The study also revealed that many people lack security on their mobile devices and are largely unaware of the security risks posed by QR codes," the firm said.
"A whopping 47% of respondents stated they do not have or do not know if they have security software installed on their mobile devices."
Worse, more than a third of users actually say they're not worried about security when they scan one of these code boxes.
As we reported in our earlier issue, creating a QR code scam is easy. The codes can be generated quickly using free software. The crooks then produce stickers to place on top of genuine codes, leading users to fake or compromised websites.
However, the growing popularity of these graphics has led to much wider use -- for example to reveal your location, follow social media accounts, create an email, restaurant menus, join a Wi-Fi network or even to cast a vote.
Many users are totally unaware of these extra abilities. In fact, 40 percent of people surveyed said they'd be happy to vote by scanning a code.
So, if you don't follow precautions and you don't have security software, you could be heading for a costly scam the next time you scan.
Security experts says businesses are not doing enough to improve the way they present these codes and to alert users to potential dangers. But consumers can also play their part.
Five Key Steps
Here's an updated version of the five key steps you can take, as we outlined in our earlier issue:
- Don't scan codes that don't have any text or explanation with them.
- Check for a raised edge on the code showing it's a sticker. Again, don't scan unless you check with someone -- for example at a restaurant that may have updated its menu.
- If the code takes you to a website, don't provide any confidential information until you know for sure it's genuine.
- If scanning results in something you didn't expect, like opening an email, don't use it.
- Use a secure QR code reader that checks its validity. There are lots of free ones. Simply search for "secure QR code scanner" or something similar.
You can find a useful consumer guide from security firm Cyclonis.
Though it's mainly aimed at businesses, you can also download a free eBook from MobileIron: QRurb Your Enthusiasm: The Growing Risks of QR Codes.
As the non-profit Identity Theft Resource Center (ITRC) advises: "Consumers need to be aware of QR Code security threats. The more people protect themselves, the harder it will be for identity thieves to succeed in hacking people using QR Codes."
Alert of the Week
You've probably read about the recent disclosure that details of more than 500 million Facebook subscribers have been leaked on the Internet.
The info apparently doesn't include passwords, but does include things like names, email addresses, and phone numbers from a couple of years ago.
The data wasn't hacked but rather "scraped" by crooks from public profiles on the social media site.
You can check if your email address (and possibly your phone number) has been revealed at Have I Been PWned? But this won't tell you if other info has been revealed.
There's not much individual users can do about this but it serves as a warning about not making your personal info available on social media sites, although Facebook says it fixed this particular problem in 2019.
Time to conclude for today -- have a great week!