• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
  • The forums have been upgraded with support for dark mode. By default it will follow the setting on your system/browser. You may override it by scrolling to the end of the page and clicking the gears icon.

Show your family how to check if a QR code is safe

Joined
Nov 1, 2022
Messages
57 (0.06/day)
To start in Troy McClure style, you may remember me from the Why won't my QR code work saga. I'm back to remind you that we should warn our (grand) parents, aunts, and uncles not to scan just any QR code out there. Last month, I read about yet another quishing case, and this elderly man said: "The sign said to use the code to park, and I hadn't ever heard of QR codes being used as a scam." This got me worried. So yesterday we had a small family gathering, and I asked a couple of older family members if they knew they could get scammed by scanning a QR code. If you think there's a need, you could do the same. Here is the freshest text I was able to find about safe vs. malicious QR codes, plus I copied some general pointers from here and there:

  • Do not scan a code if it is on a sticker, looks like it has been replaced, or is covered up.
  • After scanning the code, see if the URL you are taken to is a secure one that begins with “https.”
  • If a QR Code requires you to download a scanning app, it might be a scam, as these third-party apps ask for permissions unrelated to scanning a QR Code. If your phone camera does not support QR scanning natively, research/ask someone you trust for advice on how to choose a safe third-party app.
  • Generic design and website missing branding with grammatical errors, typos, a time limit to put in your details, or other scare tactics
  • Sent from fake, misspelled email addresses, usually without a business domain

Basically, what looks like an obvious scam to me for one reason or another, seems like a legit code ready to be scanned to Uncle Pete. Just remember that. Cheers!
 
Last edited:
All excellent points, especially that 1st one, cause just like with the card skimmers at gas stations, scammers will frequently get a pic of the code, replicate it with their own malicious info, and then print a nearly identical sticker to place over the legit ones.....

Last month, me & some friends witnessed a guy doing this at a public event, and alerted the police immediately, who were able to apprehend him & did the Steve McGarrett thing "Book 'em, Dano" :)
 
Bringing attention to this growing problem is much appreciated. :)

However,
Download a QR Code Scanner app that can help you recognize a suspicious code.
Sorry but I can't agree with this advice.

The best advice is that given in Section 1 of the article you linked to. And that is to use your smart phone's own camera's native app. Note the following from that article regarding third party scanning apps (my bold underline added),
if you have an Android (8 and above) or an iOS (11 and above), you simply need to point your native camera app to the QR Code to scan it.

If a QR Code requires you to download a scanning app, it might be a scam as these third-party apps ask for permissions unrelated to scanning a QR Code. It is also a sneaky way to hide malware.

I recommend you edit your post to address users using their phone's native app first, if supported. And if one's phone camera does not support QR scanning natively, then add advice on how to choose a "safe" third party app. This is important since not all are safe. :( Sadly, some are bogus, contain spyware and/or are malicious.

That article lists 7 apps that I assume are safe. However, the only one I am familiar with is TrendMicro's.

My Samsung Android phone supports scanning natively so I use it. As noted, the only other on that list of 7 I have used is the TrendMicro app. I note it is recommended as safe by several reviewers. It is free (and ad free :)) but, according to that article, has limited features. That said, I did not run into any limitations other than it does not allow one to generate their own QR codes - a feature most users don't need anyway.
 
ive never scanned a qr code. not any incident that someone required of me. BUT, I did try to do it in my gym before joining about 6 months ago as a 1 time fee to try it. didnt work.

used camera, but nothing. I have newer phones like lg v50 and v60 which i bought setup and have never installed an sim card in I use a v20 as a daily phone. that will not change anytime soon. what app is ok if I ever need to use it? @Bill_Bright
 
Like I said above, the only one I have used is TrendMicro's. Many reviews report it is safe to use.
 
To start in Troy McClure style, you may remember me from the Why won't my QR code work saga. I'm back to remind you that we should warn our (grand) parents, aunts, and uncles not to scan just any QR code out there. Last month, I read about yet another quishing case, and this elderly man said: "The sign said to use the code to park, and I hadn't ever heard of QR codes being used as a scam." This got me worried. So yesterday we had a small family gathering, and I asked a couple of older family members if they knew they could get scammed by scanning a QR code. If you think there's a need, you could do the same. Here is the freshest text I was able to find about safe vs. malicious QR codes, plus I copied some general pointers from here and there:

  • Do not scan a code if it is on a sticker, looks like it has been replaced, or is covered up.
  • After scanning the code, see if the URL you are taken to is a secure one that begins with “https.”
  • Download a QR Code Scanner app that can help you recognize a suspicious code.
  • Generic design and website missing branding with grammatical errors, typos, a time limit to put in your details, or other scare tactics
  • Sent from fake, misspelled email addresses, usually without a business domain

Basically, what looks like an obvious scam to me for one reason or another, seems like a legit code ready to be scanned to Uncle Pete. Just remember that. Cheers!

Good callout. Gotta agree with Bill about scanner apps, though. An older (Android) phone of mine once upon a time didn't have QR support in the camera software, so I searched for a QR scanning app. Every single one looked like, if not malware, than at least low-effort shovelware. I tried the least-sketchy-looking one I could find for a bit, but even that gave me bad vibes and was uninstalled in short order. If suggesting a 3rd party app, list a few specific recommendations rather than throwing folks in to the App/Play ocean to swim.
 
BTW, you don't take a picture of the QR code with your camera (if that is what you tried to do). You point your camera at the code and if scanning is supported, it "should" recognize and scan the code.
 
BTW, you don't take a picture of the QR code with your camera (if that is what you tried to do). You point your camera at the code and if scanning is supported, it "should" recognize and scan the code.
thanks ill look. yes, turned camera on, pointed at it

doesnt do a diddly. tried it with another one. no go.
 
Well, perhaps you have an older OS or your phone just does not support it. I would check your settings to be sure.
 
Bringing attention to this growing problem is much appreciated. :)

However,

Sorry but I can't agree with this advice.

The best advice is that given in Section 1 of the article you linked to. And that is to use your smart phone's own camera's native app. Note the following from that article regarding third party scanning apps (my bold underline added),


I recommend you edit your post to address users using their phone's native app first, if supported. And if one's phone camera does not support QR scanning natively, then add advice on how to choose a "safe" third party app. This is important since not all are safe. :( Sadly, some are bogus, contain spyware and/or are malicious.

That article lists 7 apps that I assume are safe. However, the only one I am familiar with is TrendMicro's.

My Samsung Android phone supports scanning natively so I use it. As noted, the only other on that list of 7 I have used is the TrendMicro app. I note it is recommended as safe by several reviewers. It is free (and ad free :)) but, according to that article, has limited features. That said, I did not run into any limitations other than it does not allow one to generate their own QR codes - a feature most users don't need anyway.
Thank you! Edited. Since I don't know a lot about these apps, I just copied a sentence from the article and one line from your post. I'm very happy to see the engagement here. Thanks again.

Good callout. Gotta agree with Bill about scanner apps, though. An older (Android) phone of mine once upon a time didn't have QR support in the camera software, so I searched for a QR scanning app. Every single one looked like, if not malware, than at least low-effort shovelware. I tried the least-sketchy-looking one I could find for a bit, but even that gave me bad vibes and was uninstalled in short order. If suggesting a 3rd party app, list a few specific recommendations rather than throwing folks in to the App/Play ocean to swim.
Edited, thanks, guys!

Interestingly enough, I actually copied the part about scanning apps from a news article talking about the FBI warning when I was researching for the post. Here's the entire paragraph:

"The FBI offers several ways QR code users can protect themselves:

  • Do not scan a code if it is on a sticker, looks like it has been replaced, or is covered up.
  • After scanning the code, see if the URL you are taken to is a secure one that begins with “https.”
  • Download a QR Code Scanner app that can help you recognize a suspicious code.
  • Rather than scanning a code that will take you to a specific website, if possible, just type in the URL for that website."
Thank you all for pitching in. I edited the post, and now it's up to all of us to spread the awareness.
 
"The sign said to use the code to park
If I can't find a free car park or one that still takes coins, credit cards or the parking app on my phone, I look for another car park. I don't have Apple Pay, Google Pay or banking apps on my phone and seem to survive. If suitable car parks aren't close to a concert venue and on street parking is difficult, I park further away and jump on a free bus.

Thanks for the advice, but I don't think I've ever used a QR code in anger. They just don't figure in my life, especially since I don't religiously carry a smartphone when visiting local shops. Car parks are free and the shops still take cash and credit cards.

In some countries I visit, they'd stare blankly if you offer anything except cash to pay for diesel or gas. If there's no local 4G coverage or broadband, modern technology stops working. You might get mugged for your cash, but you won't get scammed by some false QR code.
 
Don't use them, don't trust that shit.
 
I park further away and jump on a free bus.
"Free" bus? Must be nice. Bus rides are cheap here, but not free. They also don't run late at night (after concerts let out, for example).
 
Back
Top