Technology

Cybercriminals Exploiting Commonplace Qr Codes

By jay554 28 Apr, 2025 321
Cybercriminals Exploiting Commonplace QR Codes

QR codes became popular amid the epidemic, and businesses sought out ways to provide customers with touch-free services. Criminals have noticed and have been sharing strategies for exploiting QR codes to steal money and hack into systems. According to experts, businesses should strengthen their security on mobile devices and ensure that employees and customers are aware of dangers.

How QR Codes Made It Into the to Become Norm

The Quick Response (QR) code was developed around 1994 by Japanese manufacturer of car parts Denso Wave to track vehicles throughout the process of manufacturing. 

The QR code is an inverse barcode that has a 100-fold increase in storage capacity of data, as per PayPal. With the widespread adoption of smartphones and their low cost, QR codes are a great method of transmitting information that can be affixed to any kind of object.

At first, they were viewed by many people in the West as an outdated fraud, but QR codes have quickly become an integral component of the digital payments technology in China. 

The two largest payment platforms. WeChat Pay and AliPay introduced QR codes to allow users to start payments in the year 2011. In 2016, it was estimated that $1.25trn worth of transactions took place with QR codes in China.

QR codes became a widespread phenomenon in the aftermath of the pandemic because people wanted to stay away from physical touch surfaces. "Touch-free service," where people can scan QR codes to access a menu or pay, has become a standard. 

QR codes were a key element of the UK government's app for tracking contact that required citizens to verify their identity at places by scanning a QR code on their phone.

In the end, QR codes are now a standard. According to a report from Juniper Research, 1.5 billion people around the world have used QR codes to pay in the year 2020. The survey conducted among UK as well as US people in September of 2020 by the endpoint security company MobileIron discovered that 8% had scanned QR codes within the last 24 hours.

Digital payment companies as PayPal well as Apple Pay, both launched QR codes in the last year. Meanwhile, banks such as Natwest, Royal Bank of Scotland (RBS) and Deutsche Bank now allow users to access the online banking portal with a QR code. 

Some have even created QR codes to ease ATM withdrawals. This means that adoption is expected to grow rapidly, particularly in the US, where Juniper anticipates that there will be a rise of 240% in the number of users by 2025.

Note: If you need to create a QR code, use a QR code generator for a quick and easy solution.

Are QR Codes Safe?

The increasing use of QR codes has caught the notice of criminals. "We know cybercriminals are abusing this behaviour," claims Anna Chung, principal researcher at Unit 42, the threat research division of cybersecurity firm Palo Alto Networks. 

During the outbreak, Unit 42 has observed cybercriminals on forums underground discussing methods to exploit QR codes and attack mobile devices. We also discovered open-source tools and video tutorials that offer instruction on how to carry out attacks using QR code scanners."

Cybercriminals are known to exploit this kind of behaviour.

Many QR malware-related threats operate by fooling users into scanning a QR code, which directs them to a fraudulent website or triggers a criminal transaction which is known as QRjacking.

In the past year, Belgian authorities issued an alert about a fraud where hackers, pretending as clients, would send QR codes to small companies supposed to verify payment. By scanning the QR code, hackers gain access to the bank account of the sellers. 

"The code does not refer to a payment confirmation, but to a login portal that the fraudster, in combination with the bank account number provided, will have direct access ... to your current and savings accounts," said the commissioner, Olivier Bogaert of the country's Federal Computer Crime Unit.

Another threat that is emerging is the issue that is known as QR code phishing or "quishing," whereby criminals lure users to scan an infected QR code through email, then direct them to a fake website which prompts them to input the login information. 

This method can bypass numerous anti-phishing tools that operate by scanning emails' text, as explained by Mark Harris, senior director at Gartner. "Because you can't see the URL or it's not visible in the email, it gets past those traditional techniques."

Chung states that Unit 42 has observed 'phishing scams that mimic shares of corporate share drives. "We have come across attackers sending out QR codes to phish employees... to trick them onto a web page that looks like a corporate share drive."

The method may cause additional harm as employees might not be taught to recognise QR codes as a possible security threat from phishing, according to Peter Gooch, partner in security and data privacy with Deloitte. "If it's seemingly from a known company to you, you might not think twice about it," Gooch adds.

Security Risk Management From QR Codes

What can companies do to minimise the security risk caused by malicious QR codes that are malicious? The most important thing to do is to make sure that employees' smartphones are secure, which is often ignored. 

"The majority of have fairly strict security protections over the laptop," Chung explains. Chung. "But not so much for the corporate phone ... because that's an extra layer of investment and protections that you need to continuously control. So that is another layer of effort that I know [many] companies overlook."

Another vital step is to educate people about the dangers, both for employees and customers, Chung says. "QR code stands for a quick response, so being quick is its advantage," Chung says. "But at the same time, it could be a disadvantage for people who are not fully familiar with this technology and the potential risks that come with it."