The use of QR codes has become increasingly widespread throughout the world. While this practice was already well known within the Asian market for several years, now also in all territories of Europe it is increasingly easy to deal with codes printed on cards, billboards, means of transportation, objects, shirts, etc.
This reality has been felt more within large metropolitan areas where it is easier to intersperse in advertising QR Codes. However, it is also possible to associate this technology with a good portion of restaurant menus, as well as almost any business that has a Digital App, or website and needs to drive interested traffic offline, to visit their online content.
QR Codes are also being used to facilitate payment systems, or to interact with newer, more tech products that therefore no longer need antiquated unlocking systems to become usable to the end user.
In short, QR codes are now part of everyday life, it is easy to be able to interact with them thanks to the scan of one’s mobile device, and they are practical codes that are within the reach of all users, depending on what their level of digital readiness is.
From this increase in the use of QR Codes, however, an issue has emerged that is increasingly making waves: it’s called QRishing.
What is QRishing?
QRishing is a type of phishing that evolved to hit anyone who is scanning a QR Code in order to defraud it or to put it in contact with dangerous and harmful material, it’s an illegal and dangerous practice, which unfortunately has already claimed many victims among unwitting users who have scanned suspicious QR Codes.
The QR Code is a set of black and white squares, a printed matrix, within which it is possible to store a set of data. It can contain photographs, short texts, and even links. Usually, those redirect the user to scam sites or unsafe sites.
The more frequent use of QRishing sees criminals targeting QR Codes used for payment reasons or for the promotion of a brand and product. As soon as the user scans the QR Code, they use fraudulent – unbranded – links that refer to malicious sites. Here, user credentials, credit card details, or other sensitive data are often requested, which must be safeguarded and protected to prevent identity theft.
To give an example of these illegal activities, in Italy, cases of fraud using QR Codes have been recorded in the Milan area. Users used the QR Codes issued by a vehicle rental facility for urban travel for the payment system and electric unlocking. These QR Codes have been tampered with, so as to push users to fraudulent sites where they were scammed.
An even more interesting testimony – also documented in this Mashable article – speaks of fraudulent activity within the city of San Antonio, Texas. Reports would have been made to the local police force regarding QR Codes used to scam users who used the codes to pay the parking meter for paid parking, ending up on malicious sites where they were then forced to pay to unknown people.
You can also find the San Antonio PD Twitter post at this link.
According to recent statistical data, transactions, and payments made at the QR Code level are starting to reach considerable figures. Of course, if compared to the East Asian market, the western market still has a long way to go, but projections and forecasts by 2025 point to very interesting growth rates which would lead to over 2 billion US dollars transferred through QR Codes.
Logically there is a risk that during these transactions you will be attacked by fraud or phishing attempts through QR Codes, to touch the portion of users who are making the aforementioned digital purchases or sales.
Users who are scanning the QR Code and who are victims of QRishing do not always immediately notice the danger. This is why we invite you to try to be more aware of scanning the codes, relying on the general rules or advice that we have reported in our article so that you can avoid QRishing.
Here are some useful tips on how to avoid QRishing
It’s possible to avoid running into QRishing by following these steps:
1) Pay close attention to the QR codes you scan.
2) Always check the redirect link once you scan the QR Code.
3) Always ask yourself who might have printed the QR Code and try to figure out from the domain of the link destination.
4) Avoid scanning QR Codes that are totally suspect or for which you do not know the source, that is not branded, or that are placed in suspicious locations.
5) Make sure that the original QR Code has not been covered by a second QR Code, which may contain malicious content.
6) If you are not sure about the destination link, if it is an unbranded and suspicious short URL, do not open it.
7) Check that the destination site has an active security certificate and therefore its URL contains “https”.
8) If you receive the QR Code via email or SMS, always check the recipient of those messages.
As a general rule, always remember that phones tend to have fewer security measures than computers, which is precisely why it can be easier to run into economic fraud through scans implemented from mobile devices.
Use JotURL Branded QR Codes to Avoid QRishing
Beyond the prevention and control actions that we always recommend you implement when scanning QR Codes, JotURL offers you a system to protect your codes from the QRishing phenomenon.
In fact, the platform can create branded QR Codes in just a few clicks, through a functional interactive interface that offers you 100 percent customization on the appearance of your code. Forms can take on a unique coloring that can be more easily associated with your brand, it can also accommodate a logo – which can unequivocally ascertain that a QR belongs to a particular brand.
QR codes in this way will logically go a long way to discourage any QRishing activities by outsiders, as counterfeiting your codes will be more complicated, you will also boost user trust and increase the scanning rate of your codes with all the benefits of that.
Besides a “mere” security issue, this feature allows you to gain visibility and have your brand recognized among the dozens and dozens of anonymous codes scattered around billboards or flyers. You can make your QR codes more secure and more memorable at the same time.
JotURL does not only deal with QR Codes.
In fact, the platform generates branded links that can host your personal domains and certify the authenticity of your content even after scanning.
Branded links are not simple shortened URLs, they can be short, but they will always carry an unmistakable signature linked to a specific brand within their domain. Furthermore, branded links are very clear about the destination, usually carefully indicated in the part dedicated to the alias of the link. ( yourdomain.com/alias, in our case an example could be: jo.my/avoid-phishing, or any other alias you like.)
JotURL is already an excellent tool for phishing prevention, and therefore can be highly used to improve the security of your QR Codes and the QR Codes of the brands from which you buy products or services.
Another notable annotation of the JotURL QR Codes is their ability to be dynamic, this means that from within the dashboard, you can have control over the links inserted within your Code so that you can modify it at any time of your digital campaigns, without being necessarily forced to print the codes again from scratch – in this way, in addition to avoiding waste of materials, and saving your capital, you can further discourage the phishing phenomenon linked to your QRs, offering greater control and a level of certification which alone can help discourage these illegal practices at their root.
JotURL is an extremely attentive service to security and the processing of personal data, it is no coincidence that we are ISO 27001:2017 certified, and CSA Star – two of the major global awards in terms of security, which is why these issues are very close to our hearts, and it is in our interest to offer awareness to our users both on the risks and on the solutions associated with the use of QR Codes.
Extra: Deep Linking Feature
In addition to the creation of Branded QR Codes, Branded Links, and our monitoring and security features, we remind you that JotURL offers an incredibly advanced Deep Linking system. This technology, combined with the use of QR Codes, can make it easier for your users to navigate within Third-Party Apps or your own Apps without them risking getting lost in the browser.
Also this system, in addition to improving the conversion rates of your users, provides them with an additional protection and security system, so that they can navigate without difficulty, interruptions, and worries within your secure content.
If you are more interested in this topic, you may be interested in an article we wrote about it, which talks about the effectiveness of the combination of Dynamic and Branded QR Codes combined with our Deep Linking system (both simple and advanced).
QRishing is unfortunately a growing phenomenon, and currently, there is still no way to stop it completely.
What you can do to prevent it is to inform yourself about it and take preventive actions, starting with paying attention to the QR codes and links that surround you.
JotURL can be a valuable ally in discouraging these practices before they even arise, increasing the security of your links and codes, as well as your content.
You can start your 14-Day Free Trial even now and start creating your own secure QR Codes right away.