You can use QR codes to pay invoices, access a digital menu in a restaurant or visit a website. Any data encoded in the code cannot be read by humans. You should therefore be careful when using them.
How to protect yourself when using QR codes:
- Your financial institution will never call you or send you any e-mails or texts asking you to scan a QR code using an authentication app.
- Never enter any log-in credentials (e.g. for your e-banking or mobile banking facility) on any website you have accessed using a QR code.
- Only ever use your financial institution’s app to pay QR invoices.
- To scan QR codes, use your standard smartphone camera app or a QR code scanner app which displays the content of the code first before processing it.
- After scanning, always check the link target or payment information contained in the QR code before opening the target page or executing a transaction.
- Only ever use QR codes in situations where you consider their use standard or safe. Never allow anyone to talk you into payments via QR codes.
Risks involved in using QR codes
These squares can be used to store any information, from simple links to instructions for a banking transaction. With the relevant apps, they are easy to read and are quite often even processed automatically. Fraudsters increasingly abuse this, together with the fact that users cannot usually establish what a QR code contains before it is read. It is also rather easy to create a QR code and, for instance, simply tape it over an authentic payment code. All payments initiated by scanning the taped-over QR code end up directly in the fraudster’s account and not in that of the original recipient.
There is also an increase in phishing mails containing QR codes. These serve to hide links leading to harmful websites from antivirus software and potential victims. A QR code can also hide a link which might for instance lead to a malicious file or app, a dubious app store or an untrustworthy Wi-Fi hotspot.
To scan QR codes, you should only ever use your standard smartphone camera app or a QR code scanner app which displays the decoded content first and asks whether you would really like to visit a link or execute a certain action. Unfortunately, not all mobile devices with an integrated camera app behave this way. There are, however, several good apps in the official stores which can be installed for this purpose.
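The "display first, then ask" behaviour described above can be sketched as follows. This is an added example, not code from the original page or from any scanner app. The function name and sample payloads are hypothetical, and the payment branch assumes the Swiss QR-bill field layout and the common `WIFI:` payload prefix, neither of which is stated on this page.

```python
from urllib.parse import urlsplit
import ipaddress

def preview_qr_payload(payload: str) -> dict:
    """Describe a decoded QR payload for display; never opens or executes it."""
    text = payload.strip()
    lines = text.splitlines()
    # Payment code: assumed Swiss QR-bill layout (header "SPC", IBAN in field 4,
    # creditor name in field 6, amount and currency in fields 19 and 20).
    if lines and lines[0] == "SPC" and len(lines) >= 20:
        return {"kind": "payment", "iban": lines[3], "creditor": lines[5],
                "amount": lines[18], "currency": lines[19],
                "warnings": ["compare IBAN and creditor with the printed invoice"]}
    if text.upper().startswith("WIFI:"):
        return {"kind": "wifi", "raw": text,
                "warnings": ["joins a Wi-Fi network; only accept from a trusted source"]}
    try:
        parts = urlsplit(text)
    except ValueError:  # malformed bracketed host
        parts = None
    if parts and parts.scheme.lower() in ("http", "https") and parts.hostname:
        host = parts.hostname  # real target; anything before '@' is not the host
        warnings = []
        if parts.scheme.lower() != "https":
            warnings.append("connection is not encrypted (http)")
        if parts.username is not None:
            warnings.append("text before '@' is not the website name")
        if any(label.startswith("xn--") for label in host.split(".")):
            warnings.append("internationalised (punycode) host name")
        try:
            ipaddress.ip_address(host)
            warnings.append("host is a bare IP address")
        except ValueError:
            pass
        return {"kind": "link", "host": host, "warnings": warnings}
    return {"kind": "other", "raw": text,
            "warnings": ["unrecognised content; do not process automatically"]}

# Constructed sample payloads (not taken from any real QR code)
SAMPLE_LINK = "http://ebanking.example-bank.test@203.0.113.7/login"
SAMPLE_BILL = "\n".join(
    ["SPC", "0200", "1", "CH0000000000000000000", "S", "Example Creditor AG",
     "Example Street", "1", "8000", "Zurich", "CH"] + [""] * 7 + ["150.00", "CHF"])

if __name__ == "__main__":
    for sample in (SAMPLE_LINK, SAMPLE_BILL, "WIFI:T:WPA;S:ExampleCafe;P:constructed;;"):
        print(preview_qr_payload(sample))
```

The preview only reports what the code contains; the decision to open the link or release the payment stays with the user.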
QR codes are increasingly used to obtain access to e-banking or mobile banking facilities, too. With your financial institution’s authentication app, you should only ever scan QR codes for logging into e-banking or mobile banking that are shown on your financial institution’s official log-in page, or legitimate QR invoices. Your financial institution will never call you or send you any e-mails or texts to ask you to scan a QR code.
A story of success
QR codes are used more and more widely. Originally, they were used to mark assemblies and components in the car manufacturing sector. The abbreviation “QR” stands for “quick response”.
Nowadays, QR codes are also used on invoices (QR invoice) or in the publishing and marketing sectors to link physical objects (products, print media, posters, etc.) with the online world and make additional information available this way.
As the contents of QR codes cannot readily be decoded by humans, these codes have to be scanned first, e.g. using a smartphone or a special reader.
Example QR code by “eBanking – but secure!” (linking to the www.ebas.ch website)
QR codes are easy to use and cheap to produce. No particular resources or technical know-how are required for their creation. You can generate QR codes on numerous websites. Alongside classic QR codes, there is also a trend to generate customised and creative QR codes meant to attract additional attention and serve as advertising.
Example of a creative coloured QR code (of the NCSC)