It was only a matter of time.
Consumer Reports, in its March 2012 issue, says of QR (Quick Response) codes found on packaging and on in-store displays: “… the Better Business Bureau warns that scammers having been covering legitimate QR codes with stickers bearing codes that lead to malware sites.”
QR codes, like the one illustrated for the PC News Digest homepage, can be an ultra-handy way to transmit actionable information, such as an Internet URL (website, video, map, social media page, etc.), telephone number, sms message, email address, VCard, PayPal buy link, etc.
But here’s why they’re a scammer’s delight. They’re not, as you can see, readable by humans, at least not natively ;). They’re becoming commonplace, a part of everyday life. I spotted one this morning on a box of raisins in my pantry. And, here’s the kicker, the overwhelming majority of QR codes deliver a benignly positive payload — a discount, a “secret” message from a friend or lover, a cool video or song, an easy way to download a contact or pay for a song. What’s not to like about QR codes?
Well, as our friends at CR said, some lead to malware and other malicious outcomes.
Today, thanks to excellent online services like QRStuff.com, anyone — even the bad guys — can generate a QR code in seconds for free. So treat each new QR code with caution. Consider the source and use a QR code app, like QR Droid, that shows you the decoded information and asks you what you’d like to do with it. Never go directly to a QR-coded link.
It’s a jungle out there, and QR codes make great camouflage. Watch where you scan!