7 golden rules of the American FBI for dealing with QR codes

Check in at locations, retrieve test results, scan certificates: At the latest with the Corona pandemic, people around the world have become accustomed to QR codes. Criminals are also taking advantage of this.

Regardless of whether they are digital or on paper, trust should not be unlimited when using QR codes.

QR codes are a security risk

The square pixel codes can be manipulated or created with fraudulent intentions, warns the U.S. Federal Bureau of Investigation (FBI).

Cyber criminals tried to direct their victims to fake websites with the help of QR codes. There, for example, login data for services and accounts as well as sensitive financial information are stolen or payments, such as cryptocurrency transactions, are redirected.

It is also possible that QR codes trigger the download and installation of malware, through which the perpetrators gain access to the user’s device and data.

Also of interest: How does Corona vaccination proof get on your smartphone?

Stay safe with these tips from the FBI

  1. When scanning a code, check that the expected website actually opens and that it is authentic: The address must be correct and must not contain typing errors or incorrect letters.
  2. If a website requires the entry of log-in data, personal information or data relating to money and financial transactions, you should be particularly critical if the page was accessed via a QR code.
  3. If possible, do not make any payments on websites that you have accessed via a QR code. Instead, it is better to enter the respective (known and familiar) Internet address by hand if something is to be paid there.
  4. In the case of physical, i.e. printed QR codes, you should always make sure that an original code has not been pasted over with another code.
  5. If possible, do not start app downloads and installations via QR codes, but download applications from the official stores.
  6. Do not install an extra scanner app: In the vast majority of cases, the smartphone camera acts as a scanner or a scanner is integrated in the browser.
  7. An acquaintance or a friend has apparently sent a QR code? Or a company from which you recently bought something is contacting you by e-mail about an allegedly failed payment and is now demanding a new payment via QR code? In both cases, it’s better to pick up the phone and ask directly whether the message is genuine. Caution: Do not copy the phone number of a company from the e-mail because it could be fake. Better go to the company’s site via a search engine and look for a contact number.