QR codes and QRishing

• QR code dots can store a lot of different information
• Scanning them for information is a common exercise but it is not without risk

QR codes

QR codes are made up of two-dimensional modules and are considered an evolution of the barcode. The QR are made up of points differentiated from each other by high contrast colors, in which different information is stored.

In recent times, QR codes have proliferated in any area of our daily lives. Scanning them for information is a common exercise anywhere, but it is not without its risks.

QRs have various uses. According to him INCIBE (National Institute of Cybersecurity) are these:

• The insertion of a link to access a web page (marketing campaign), tourist information or the services and products of an establishment.
• The insertion of the network information of a Wi-Fi connection (the name of the network or SSID, the access password and the type of encryption used by the network).
• Direct access to download applications in official markets or from the manufacturer's website.
• Protection of content hosted in confidential documents.
• Generation of one-time passwords (OTP) or encrypted codes for access to services such as WhatsApp Web. It also stands out as a double authentication factor to secure access to certain products and services on-line.
• To guarantee the traceability of products in the transport and logistics sector.
• In Asian countries it is widely used as a form of payment through mobile phones in clear competition with NFC (Near Field Communication).
• To access transportation systems (bus, plane, etc.), leisure areas (concerts, museums, exhibitions, etc.) or areas reserved for customers and users, such as the VIP waiting room of an airline.

The QRishing

QRishing or phishing through QR is one of the most common examples of cybercrime.

Through a web page, message or email, this technique aims to get users to provide their credentials by scanning a QR code. The user, when scanning it, is redirected to a web page that supplants that of the company and requests confidential information. If the user does not verify the web address, they may be deceived.

recommendations

If our business offers informative QR to our clients, the experts give some recommendations and good practices that we should take into account:

• Frequently check the QR codes of your business.
• Choose a QR code generator or a service that offers sufficient security guarantees.
• Check that the QR code redirects to the indicated page, using reading apps that allow you to check the URL before opening it.
• Disable automatic opening of links when scanning a QR code; so you can check the address to which the code links.
• Check that the URL is from a reliable site and matches the one indicated in the letter, leaflet or advertisement.
• In the case of the use of QR codes that facilitate access to certain transport, leisure or reserved areas services, do not disclose the QR code through social networks.