The QR code, which became very popular during the Covid-19 pandemic, will soon become ubiquitous in supermarkets as it will gradually replace the barcode. However, some ill-intentioned people could take advantage of this to lure unwary consumers into a trap, thanks to a scam called QRishing. Here are 5 tips to avoid hackers' traps and use QR codes safely.
1- Beware of QR codes simply stuck on the packaging
Now that consumers have gotten used to pulling out their smartphones to scan QR codes, the GS1 association has decided that this little black and white pictogram will replace barcodes on products in the supermarket by 2027.
This change, which is expected to bring more information to the customer, could also become an open door to new online scams called QRishing (contraction of 'QR code phishing').
To avoid being tricked by hackers, be especially cautious when a QR code is simply stuck on a package. When this symbol is not printed on the carton or inserted into the box of a product, there is no proof of its origin for you.
2- Limit your actions after flashing the code
As you probably already know, scanning a QR code with your smartphone gives you access to a link. When this symbol has really been affixed by the manufacturer, it usually redirects you to the brand's website, to the page dedicated to this product or to an advertising campaign...
Another tip to remember to thwart the QRishing trap is to limit your actions after flashing the code. Whether or not you have any doubts about the legitimacy of the site you are on, avoid giving out personal information!
Be especially wary if you are asked to create an account or download an application. Besides, when you want to install a new application, it is always safer to go through the AppStore or Google Playstore.
3- Always check carefully the site you are visiting
As is often the case with online scams, the best way to thwart this fraud is to stay vigilant. Once you scan the QR code with your smartphone, always look carefully at which site the link redirects you to.
If the content that appears on your screen does not match the product or brand purporting to be the author of that pictogram at all, refer to the page immediately. This is most likely a QRishing attempt!
4- If in doubt, check the link that appears
If you have any doubts about the authenticity of a QR code, another trick to foil a scam is to check the URL that appears on your screen before you even click on that link.
If the web address or URL that appears on the screen has nothing to do with the brand, that should already tip you off. A strange URL should alert you, as it is a typical sign of a QRishing attempt.
It's safe to click on it. However, once you do and you're on the site, also check that the site address (which appears in the bar at the top of your screen) is still the same.
5- Never register your credit card
As mentioned above, once you click on the link, you should avoid giving too much information about yourself.
Even if the site or app seems to match the product brand and offers you to enter a contest or take advantage of a discount, you should never give out information that scammers could use for their benefit.
You should never register your bank card on this type of site, especially if you accessed it via a QR code! Just like classic phishing, QRishing aims to get personal data from you such as a date of birth, password or credit card number... to impersonate you and/or make online purchases with your bank card.