It was somewhere in the mid 90’s that QR codes, short for “quick response”, became really popular in the automotive industry in Japan. Mobile phones came with QR code readers and the average citizen soon got used to scanning a printed QR code to get more information on products, scanning electronic tickets, and even tracking flight tickets at airports. While QR codes have been a tech way of life in Japan for a decade or two, one wonders why it is that South Africa has taken so long to latch on to this seemingly easier to use touchless world.
QR code trends
While the history of QR codes is certainly interesting, our focus should be on QR codes right now, in the here and now. Nowadays, there are numerous QR code trends which seem to shift almost daily. For instance, you can use a QR code at a restaurant to scan the menu and another code to pay the bill. You can go pay for your groceries by scanning a QR code, rent a Box Office movie on DSTV and even read an article in a magazine by scanning a QR code to ‘read more’!
QR codes have become such an integral part of our lives that it almost seems as if they have always been there. So, where’s the catch? The catch is that there’s a security risk involved with QR codes.
what’s the security risk/threat to your business?
One of the greatest risks is that the average person cannot tell a malicious QR code apart from a legitimate one. This, when paired with the fact that most mobile users don’t have (or even think about) mobile device security, is a disaster waiting to happen.
You also need to consider the risk to your business if employees are using their mobile devices for work. The digital age that we live in has made many people blase to the things we do on our devices. We wander the aisles of the grocery store scanning and swiping as necessary with little thought to anything beyond the outcome of the scan. As a consequence of our unmindfulness to the security risk, we make a hacker’s job that much easier. Hackers prey on this type of naivety and behaviour in consumers, posing a significant threat to your business.
how do hackers do it?
Opportunistic hackers are able to generate QR codes using free services on the internet. They then embed malicious software into the QR code. Most people will have no idea, and more often than not – not even begin to consider if a QR code is a good one or bad one.
When a malicious code is scanned it can send the mobile user directly to a malicious website, or it can install malicious software on your phone. In the event that a QR does this, you can expect a variety of things to happen. The hacker can action spear phishing, can initiate a call to a scammer in order to get the mobile phone number and even send malicious texts from the device. With malware software installed from a QR code hackers can send out emails from the device with malicious links, they can send payments and capture the mobile phone’s stored payment data, and a whole lot more.
how to protect yourself
Protecting yourself from the damage of scanning a malicious QR code is important:
- Educate your employees about the risks and threats of QR codes.
- Make a point of only scanning codes from trusted sources. Don’t randomly scan codes you find on the internet or made public. Make sure that the company URL matches the business name and website – there are apps that can do this for you.
- Be wary of bit.ly links. Often bit.ly links are used to disguise malicious website URLs.
- Ensure that every single business and employee device used to access business data and apps has a top notch security system installed.
- Put an end to password access for employees using business and cloud-based apps. Instead, opt for multi-factor authentication.
take action now
While the use of QR codes have become a way of life that will undoubteldy get you a quick response, they might also get you a ‘quick virus’ that you simply don’t want or need! Take the time to understand the risks and put measures in place to protect yourself, your employees, and your business.