What is a QR code?
A QR code can include various types of data, but it is most often a link presented as a square bar code you can scan with your phone. It can be used for various purposes, for example:
- To reach a specific website. It is quicker to scan a QR code than to type the web address.
- To log into a website you get the option of scanning a QR code with your Mobile BankID app and then enter your pin code.
- To swish a specific recipient you can scan a QR code instead of typing the recipient’s number.
”The QR code stands for Quick Response and is often quicker and in some cases it also increases security. For example when you scan a QR code to log in instead of typing your personal identification number,” says Amalia Krantz.
How do fraudsters use QR codes?
Fraudsters can use QR codes to guide us to a fraudulent website, which looks genuine. Here they will try to phish information or get you to use some type of security solution. If you scan a QR code it is important that you carefully check the website you were directed to and think before you act.
Exactly as we have learnt to be careful not to click on unknown links, we need to be aware of QR codes as they are also links. The difference is that we can see a link and try to assess the authenticity – but we cannot do that with a QR code.
How can you protect yourself?
Exactly as in the case of phishing, vishing and smishing, this is a point of access for fraudsters. And no matter whether it is via e-mail, phone, text message or now a QR code, we should use our common sense and be suspicious when someone contacts us unexpectedly and asks us to act in some way. This can be any form of online phishing where fraudsters will try to get information or get the person to use a security solution.
”A good rule of thumb is to consider who has taken the initiative. If you for example want to log into a website or swish a recipient, QR codes are easy to use. But if you receive a QR code unexpectedly and is asked to act, you should be suspicious and think before your scan. It may be a fraud attempt,” says Amalia Krantz