How to check if a QR code is safe to scan

QR codes are everywhere. From menus to bus stops to websites, they're a handy way to convey information without taking up a lot of space. And, given their popularity, you often don't think twice before scanning one.

However, did you know that QR codes are easy to fake and even easier to redirect to a malicious website? That's why you should always be cautious when scanning QR codes. Here's everything you need to do to ensure your QR codes are safe to scan.

1. Check for signs of counterfeiting

QR codes are easy to create. In fact, there are several online tools that can help you create your own QR codes. However, this means that scammers can easily replace legitimate QR codes with fake ones of their own making. So how can you tell if a QR code has been tampered with?

Always check for any stickers that have been applied over an existing code or for the QR code appearing to have been printed and pasted onto a surface. Pay close attention and check for these signs, especially if the QR code is in an easily accessible location, such as an unattended parking lot or a busy restaurant.

2. Identify the source

If you spot a QR code in a physical location, like a restaurant or store, but suspect it might be fake, you can ask a staff member to confirm whether it's real. Online codes, however, are a whole different story.

Hackers pose as legitimate businesses and create fake websites or send phishing emails with QR codes. If you come across a QR code online, take a few minutes to check the source, i.e. the sender's email or the website you are visiting. If you notice any inconsistencies in branding, communication that seems unprofessional, or full of grammar and spelling errors, do not proceed with scanning the code.

3. Verify URL

Scammers exploit bad QR codes by relying on people not checking the URL before opening the link associated with the QR code. Of course, QR codes can't be read by the human eye. However, you can verify the preview of the URL on your screen.

Businesses almost always use domain names that are associated with their brand name. If the URL looks unusual, it's best to err on the side of caution and avoid clicking the link. If absolutely necessary, use an online tool to check if the link is safe.

4. Permission prompt

If you scan a QR code and it prompts you to grant access to your contacts, messages, camera, or location for no reason, consider this a serious warning sign. Granting these permissions could allow bad guys to access your information and compromise your phone's security.

5. Beware of security warnings

Sometimes when you accidentally scan a QR code and don't check the URL preview, your browser will warn you that it's an unsafe site. If you scan a QR code that tries to redirect you, be sure to pay attention to any warnings your browser or device may display.

If automatic updates are not enabled, you should manually update your operating system, apps, and other related software to keep your smartphone safe.

Despite their caution, even the most vigilant users can make mistakes. That's why it's helpful to be familiar with what to do immediately if you accidentally scan a fake QR code. From immediately disabling your device's internet connection to changing your password, there are steps you can take to minimize potential damage.

Marvin Fry

Update 31 August 2024