For some time now, QR codes have become an excellent method to display updated and/or real-time information by opening a web address after scanning it with your mobile. As the coronavirus pandemic reduced its incidence, businesses were forced to use this system to, for example, see the menu in bars and restaurants, access updated information at the time of a business or government institution, buy tickets for a concert or event, make an appointment online among other uses.
But, as the friends of the alien have seen how this type of code has become commonplace, they have not been slow to take advantage of it. A few days ago, news related to an alleged scam was discovered in the Carabanchel neighborhood of Madrid through QR codes. Several vehicles from this Madrid neighborhood woke up with a fine on the windshield of their vehicle, a fine that included a QR code. Scanning this code would open the Madrid City Council website, specifically in the section that allows users to pay fines telematics. In the end, everything came to nothing since the website that was shown was really that of the Madrid City Council and not a similar one whose intention is to appropriate the offenders’ credit card numbers.
Beware of scanning any QR code
Anyone from the Internet can generate a QR code that refers to a web page, since it is not necessary to use any specific and very specific application that is available to very few.
Being so easy to generate this type of code, any person with lucrative purposes and the appropriate knowledge can not only generate websites where make payments of all kinds (fines, taxes and others), but also can also include codes on the linked website that download malicious software to our device whose purpose is to steal our personal data, including bank data that we have stored on our smartphone .
They can even block our mobile phone in exchange for a ransom, as happens with hacking attacks. ransomwareattacks that filter all the files on a PC in exchange for a ransom that allows obtaining the decryption key.
How to avoid problems
Most of the QR codes that invite us to make a payment via telematics are the more dangerous, since, as we have mentioned above, it is very easy to impersonate any web page and pass it off as the original (phishing) by inviting the user to enter credit card information. If it is a code found on a promotional poster for an event and invites us to scan the QR code to buy tickets, we must make sure that the code is not stuck in the wrong way on the poster, since it is a clear indication that something is not right.
If we want to make a payment electronically in an official body, it must show the payment reference data, whether it is a fine or a tax. If not, it is clearly a website that is impersonating the identity or the organization’s management leaves much to be desired. If I have any kind of doubt, the best thing we can do is use a web browser on a PC since these do inform us if it is a website that is supplanting another, a functionality that works on mobile devices.
