When QR Codes Go “Rogue”

Originally designed for industrial uses, QR (or Quick Response) codes have become a popular addition to the marketer’s tool kit.  They make it possible for smart phone users (who have a scanner and the right software) to go swiftly and effortlessly to a corporate, product or brand website.

QR codes are everywhere today:  on product packaging and posters, in magazines and newspapers, on coupons, inside product documentation … even on business cards.

It’s a terrific opportunity for companies; but it can also trigger a crisis for smartphone owners.

A malicious QR code — combined with a permissive reader — can put a computer's contents and a user's privacy at risk.  

It all starts with a malicious code pasted over a legitimate one. 

If your smartphone is lax, in terms of security, it may allow you to link to a dangerous web site.  It could turn on your camera and GPS and stream feeds to a remote server, enabling cyber-criminals to corrupt privacy settings and steal your most sensitive data (including passwords, contacts and transactions).  In Russia, a malicious QR code caused phones that scanned it to send premium texts at a fee of US$6 each.  These actions can occur in the background while the user is seeing what appears to be a normal, harmless web page.

So how do you protect yourself from rogue QR codes?

Be careful about the apps you install on your smartphone.  Stick with the major apps.  Check reviews.  Be skeptical.   Consider online tools, like Unfurlr, that show the long URLs hiding behind short URLs and provide a security report assessing the safety of the underlying web site.