To travel, eat, download an application… QR codes have taken an important place in our daily lives, especially during the health crisis linked to the Covid-19 epidemic. While these devices are convenient and easy to use, they can be extremely dangerous if they fall into the wrong hands. As Le Parisien indicates, this technology could be misused by cybercriminals, in order to steal your personal data in the form of phishing, or to make you install malicious software on your mobile phone, transforming your device into a veritable spy. .
The first cases of scams using QR codes have been reported in Asia, Germany, and the United States. “No victim has yet been reported in France to Cybermalveillance.gouv, which lists cyberattacks and other online scams”, informs us the Ile-de-France daily. To help protect you against possible scams involving these new technologies, Planet interviewed Christophe G., an IT technician specializing in networks and security. This expert gives us the main keys to guarding against fraudulent QR codes.
Christophe G. “Scanning a fraudulent QR code amounts to being directed to a website chosen by the creator of this QR code. It can therefore, for example, direct you to a clone of a known web page (Amazon connection page, or your bank) and can therefore steal your credentials”.
To protect yourself from this type of inconvenience, it remains to know how to recognize a fraudulent code… We take stock.
Christophe G. “Before a QR code scan, certain details may alert you, in particular the origin of this QR code. Make sure that the QR code that we send you comes from a company that you know, and do not hesitate not to call this company to verify the authenticity of this QR code.Same for the QR codes that you can find in the streets, in public.
Think anyone can stick posters with a malicious QR code. You can also check that there is no ‘overlay’ on the poster (a malicious QR code stuck above the correct QR code).
If you are redirected to a website, be sure to check the entire URL, as it may look like a real URL, up to one character (…)
You can also deactivate the functionality to start a download or connect to a Wi-Fi hotspot with a QR code. Also remember to update your phone regularly. Updates often include security patches.”
What if you have, despite everything, scanned a QR code by mistake?
Christophe S. “If you have scanned a fraudulent QR code by mistake, don’t panic: