“QR codes, a new playground for cybercriminals” – France

What’s new in the realm of scams?

The QR code (for “Quick Response”) is on the rise, and this has not escaped cybercriminals. This small square, which can contain up to 4,296 alphanumeric characters, whets their appetite all the more because it is used by all smartphone owners, in other words by the greatest number of people. It is no longer just a question of phishing people of a certain age by means of fraudulent emails, but of plundering all your personal data – identity elements, bank details, contacts – in a jiffy.

The American FBI raised the alert in January. The previous month, it was the customers of two German banks who had their money stolen after scanning the QR code in emails allegedly sent by their financial adviser – a decoy, of course. In France, there have not yet been any large-scale scams, hence the interest in warning the population before they occur. The fact is that we have much more private and confidential information, often poorly protected, in our pocket than we will ever have in our computer: a gold mine for hackers!

What types of malicious actions are recorded?

There are those that target contactless transactions. For example, you arrive at a parking meter equipped with a QR code payment system. By scanning the square displayed, you are redirected to a portal or application that allows you to pay for your parking. Very practical, provided some smart guys have not come and stuck their own QR code – anyone can generate one with a single click – on top of the legitimate one. Many cases have been reported in the United States. Users were redirected to fake payment sites. And, even if the amounts debited are not huge, the scammers have gained access to their bank details. Same thing at the restaurant: be sure to check that a sticker does not cover the original QR code. And avoid using a QR code to pay your bills.

Benoît Grunemwald is a cybersecurity expert at Eset France, a company offering solutions for the protection of IT devices (Photo Benoît Grunemwald)

Are there other risks than having your money stolen?

Yes, that of being dispossessed of one’s life (photos, text messages, etc.) and, worse, of seeing one’s smartphone taken over remotely for spying purposes. You may be led, without your knowledge, to download a malicious file and import a virus that will affect all your contacts. Or your device may be connected to a wifi network and have spyware implanted in it that uses your address book to better personalize the phishing messages sent to your loved ones, and perhaps even formulate them on your behalf. In addition, scanning a QR code can deliver data as sensitive as that contained in your identity document or your medical file to hackers.


Should we then banish QR codes from our uses?

No, there is no question of falling into paranoia. The QR code offers considerable ease of use for connecting to wifi without having to enter a series of numbers and letters, or for synchronizing your computer and your instant messaging account. But it is important to protect your smartphone with an antivirus – you still have to be careful about the actions you authorize or not – and to regularly update your applications and your mobile phone, because protection parameters are constantly changing! Then you have to be careful and discerning: cybercriminals play on urgency and pressure to encourage you to click very quickly without asking yourself too many questions. There are tools to best protect you against cyberattacks, but none are 100% reliable.

What do you mean by exercise caution?

People have learned to be wary of phishing email techniques, but not yet of QR code scams. Consider deactivating, on your smartphone, the option to perform automatic actions when scanning a QR code: visit a website, download a file, connect to a wifi network. After the scan, analyze the URL. Avoid entering your data or personal information on a site you landed on via a QR code. Finally, do not share QR codes containing sensitive information, such as those included in health certificates.
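
As an added illustration (not part of the interview), the Python sketch below shows what "analyze the URL" and "no automatic actions" can look like in a scanner: it names the action a decoded QR payload would trigger and lists warning signs for a URL before anything is opened. The function names, the warning labels, the download extension list and all sample payloads are assumptions constructed for this example.

```python
import ipaddress
from urllib.parse import urlsplit

# Extensions treated as "download a file" (assumed list for this example).
DOWNLOAD_EXT = (".apk", ".ipa", ".exe", ".zip", ".mobileconfig")

def classify(payload):
    """Name the action a scanner would perform for a decoded QR payload."""
    text = payload.strip()
    if text.upper().startswith("WIFI:"):      # wifi network configuration
        return "join_wifi"
    parts = urlsplit(text)
    scheme = parts.scheme.lower()
    if scheme in ("http", "https"):
        if parts.path.lower().endswith(DOWNLOAD_EXT):
            return "download_file"
        return "open_website"
    return "other_scheme" if scheme else "plain_text"

def url_warnings(url, expected_hosts=()):
    """List reasons to distrust a URL; expected_hosts are the domains the
    user expects (for example, the parking operator's payment site)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme.lower() != "https":
        warnings.append("not_https")
    if parts.username is not None:            # text before '@' is not the host
        warnings.append("userinfo_in_url")
    try:
        ipaddress.ip_address(host)
        warnings.append("ip_literal_host")
    except ValueError:
        pass                                  # host is a name, not an IP address
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode_host")      # may imitate a known name
    if expected_hosts and not any(
            host == h or host.endswith("." + h) for h in expected_hosts):
        warnings.append("unexpected_host")
    return warnings

if __name__ == "__main__":
    # Constructed sample payloads; .example names and 203.0.113.7 are reserved.
    samples = ["WIFI:T:WPA;S:CafeGuest;P:constructed;;",
               "https://pay.parking.example/session/42",
               "http://203.0.113.7/update.apk",
               "https://parking.example@xn--constructed.example/pay"]
    for s in samples:
        flags = [] if classify(s) == "join_wifi" else url_warnings(s, ["parking.example"])
        print(classify(s), flags, s)
```

A scanner built this way would show the action and the warnings and wait for the user to confirm, rather than acting on the payload directly.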

letelegramme Fr Trans
