QCOSTARICA – In the technological era, in which we are immersed, we increasingly have more resources to streamline certain processes in banks, shops and companies of all kinds; QR codes are one of those tools that have become popular, but the Asociación Bancaria Costarricense (ABC) – Costa Rican Banking Association – calls for them to be used with caution and responsibly.
In Costa Rica, some financial entities use them solely for informational purposes and in others as means of payment but always applying all the necessary security measures to safeguard customer information.
When scanning a QR code, what it does is that it takes the person to a web page, where they can see certain information, for example, the menu in restaurants or details about a certain product or service. However, their use implies taking the necessary precautions so as not to fall victim to a scam, since criminal groups also use them.
“Just as we can easily download this information, cybercriminals also use QR codes to make people download malicious content and steal information from their devices or take them to fake pages to steal usernames and passwords, and then access their accounts and steal the money,” said Raúl Rivera, Cybersecurity Advisor for ABC.
Types of attacks on QR codes
- QRishing: They take the person to a false web page where they capture confidential information: usernames, passwords and security codes.
- Malicious code download: They redirect to a web page that downloads malicious code on the device that can infect it with a virus: Trojan, Spyware, Botnet or Cryptomining.
- QRLjacking: Once the person enters a website or social network, they hijack the session by tricking them into entering through the use of a QR code, similar to what WhatsApp uses to enter WhatsApp Web.
Recommendations for the safe use of QR codes
- Use a secure QR code scanner. The camera of the phone or tablet is usually used, which increases the risk.
– Kaspersky (Android, iOS) – Download Secure QR Code Reader
-TrendMicro (Android) – Download Secure QR Code Reader
- Disable URLs from opening automatically after code scanning. This will allow you to check if the URL has any malicious element or behavior.
- Check if the URL is trustworthy. To do this, you just have to copy the scanned URL before opening it, visit the page www.virustotal.com, select where it says URL, paste it in the field that appears there and press ENTER.
At a commercial level:
- Establishments that use QR codes must periodically check that they have not been changed. Cybercriminals alter codes to defraud customers.
- Use a reliable or secure QR code generator. Some websites that generate QR codes for free may inject malicious actions or download malicious code in addition to the actions they are normally configured to perform.
“Banks make great efforts to ensure the safety of their customers and protect their money, but it is vital that people distrust and never share their sensitive information, such as usernames, passwords or passwords, financial institutions will never ask for that data,” concluded Rivera.