this post was submitted on 12 Dec 2023
157 points (100.0% liked)

Technology

58091 readers
3064 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
157
The growing abuse of QR codes in malware and payment scams prompts FTC warning (arstechnica.com)
submitted 9 months ago by [email protected] to c/[email protected]
16 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 32 points 9 months ago (1 children)

So the issue isn't QR codes, but people being unable to recognize scammers additions to public infrastructure and the websites being scams. Basically, it's the same principle as scammers sticking an additional device on top of cash machines.

No news here.

[–] [email protected] 27 points 9 months ago (1 children)

Okay, but explain to me how you're supposed to tell the difference between a legitimate QR code and a fake one?

It's trivially easy to make a mockup of a restaurant's QR menu so that people scan it when they sit down, expecting to get an online menu.

[–] [email protected] 7 points 9 months ago (2 children)

Is the QR Code applied professionally to the surface, possibly behind some security feature such as glass or another surface finish? Is the menu on the table in the general style of the restaurant, or does it look off or entirely different? Is the QR code applied on top of something else, possible another QR code?

Don't use apps which directly open QR codes. Any sensible app will tell what the information is before processing it.

And at last, the simplest and most efficient security measure of all: Commonsense. Don't scan everything you come across. Restaurant menu? Sure. Some random poster out in the woods promising a quick buck, happy time or their like? Hard pass.

[–] [email protected] 16 points 9 months ago

Part of the problem with security is they even when it's legitimate, it acts like the scammers.

I've seen restaurants where their (legitimate) QR code is clearly printed on a home printer and used in lieu of physical menus in order to save money. If the link changes, they will simply tape the new one on top of the old, even on the most official copy you can find.

[–] [email protected] 8 points 9 months ago (1 children)

Given that how restaurants present these various greatly, it wouldn't be terribly unexpected for the official QR to be a sticker on the menu or table either

[–] [email protected] 2 points 9 months ago

I've been at restaurants where that's exactly the case. The QR is just a sticker on the table. Or a laminated card with the code on it.

Would be trivially easy to replace it with a malicious site.