Security and QR codes: Pitfalls to avoid

Last updated: April 25, 2024

Have you ever scanned a QR code? These little black and white squares have taken our world by storm, becoming an everyday tool for quickly connecting to information online. Whether it's to access a restaurant menu, get product details, or benefit from an exclusive promotion, QR codes seem to be everywhere.

But do you know what hides behind an unknown QR code?

In this article, we'll navigate the world of QR codes and learn how to use them safely.

What is a QR code?

Before we dive into the potential risks of QR codes, let's first see what they are. So, what is a QR code?

A QR code is like a complex black and white puzzle that your phone can solve instantly.

As you can see in the image below, it looks like a square filled with strange patterns.

But every pattern has meaning. When you point your phone's camera at the code, your phone solves this puzzle. Then it turns designs into information: a website, a digital business card, a restaurant menu and much more.

In other words, a QR code is a kind of shortcut that instantly takes you to a large amount of information, without having to type anything. It's quick, it's simple, and that's why we see them everywhere around us.

The Dangers of QR Codes

Just like other aspects of our digital lives, QR codes are not without dangers. While these black and white squares may seem harmless, it's important to remember that they can be used for less benevolent intentions.

Indeed, according to one research conducted by ExpressVPN, the growing popularity of QR codes has attracted the attention of cybercriminals. These malicious individuals have developed tactics to disguise their malicious attacks in the form of seemingly ordinary QR codes.

In the following, we will find out how cybercriminals can use QR codes to take control of your phone or to steal your private information.

1) Phishing or Phishing

The first risk associated with QR codes is the Phishing. This technique aims to trick people into thinking they are on a safe and legitimate site. Indeed, with a QR code, you could be taken to a malicious site that asks for your personal information.

Imagine this: you are in a coffee shop and you see a QR code on a poster that promises an attractive discount on your next coffee purchase. It's tempting, isn't it? You take out your phone, scan the code and find yourself on a site that looks exactly like the official website of the cafe. Without hesitation, you enter your credit card information to take advantage of the promotion.

This is when things take an unexpected turn. The site the QR code directed you to is not the actual cafe site. Indeed, it was created by cybercriminals to look exactly like the official site. When you entered your credit card information, you did not sign up for a discount. Instead of that, you gave your credit card information to cybercriminals.

2) Network attacks

Next in the list of risks is related to network attacks. If you scan a malicious QR code while connected to a public Wi-Fi network, this can potentially open a gateway for cybercriminals and put any data traveling on that network at risk.

3) Locating your location

The third danger is related to the disclosure of your location. QR codes, often used to simplify itineraries, sometimes hide an unsuspected risk.

Let's say you're at a conference and see a QR code offering additional information about the event. Intrigued, you scan it. Immediately, a map appears.

However, you may not realize the hidden danger. By opening this map, you could disclose your location. Indeed, a malicious QR code can betray your position.

Worse still, the site associated with the QR code could transmit your location data to cybercriminals. A real threat not to be underestimated.

4) A phone call that leaks your information

After localization, another risk of QR codes: triggering phone calls. An unknown but very real danger.

You scan a QR code. Without warning, your phone initiates a call. A harmless action in appearance, but not without consequence.

In reality, this simple call can share your informationcaller ID. Your number, carrier, or even your location can be exposed.

Ultimately, someone is collecting this information. Cybercriminals can then use this data.

Identify and avoid malicious QR codes

As we discussed earlier, QR codes can pose a great risk to your security and privacy. Fortunately, there are several steps you can take to protect yourself.

Below are 4 steps you can take to reduce the risk, while enjoying the benefits offered by QR codes.

1. Check the URL before clicking

When scanning a QR code, take the time to check the URL it takes you to. If the URL looks suspicious, don't click on it.

If you're using an iPhone's built-in camera app, you'll find an interesting feature: when you point the camera at a QR code, the website address (or "domain") encoded in the QR is displayed. This gives you some confidence, allowing you to know the domain you will be redirected to before making the decision whether to open it or not.

2. Only scan QR codes from trusted sources

If you see a QR code in a public place, such as a bus stop or street pole, be very careful. It is easy for anyone to paste a sticker with a malicious QR code in these places. It is best to use QR codes from reliable and verifiable sources.

3. Keep your phone up to date

Make sure your phone's operating system is always up to date. Security updates are often included in operating system updates. These security updates can help protect your phone from malicious QR codes.

4. Disable geolocation feature

As we saw earlier, QR codes can sometimes be designed to access your phone's location. For this reason, it's a good idea to turn off geolocation when scanning QR codes whose source is untrustworthy.

In your smartphone settings, under the privacy tab, you will usually find the option to turn off geolocation. On iOS, for example, you can go to Settings > Privacy > Location Services to manage this feature. You can choose when and how your location is used.


And There you go ! Armed with this information, you are now ready to explore the world of QR codes with confidence and peace of mind.

Do not hesitate to pass on these valuable tips to your loved ones. The more we are informed about potential dangers and the more cautious we adopt, the more secure and pleasant our experience of the digital world will become.

So, share this article and help create a safe digital space for everyone. Digital security is a collective matter and your contribution matters a lot