Are QR Codes Safe To Use?

Hi, this is Gary with MacMost.com. Are QR codes safe to use? Let's take a look. 

Today you see QR codes everywhere. You see them in restaurants. You see them in stores. You'll see them in signs around town. They are those little square boxes with black and white dots in them. To use a QR code you would use the camera app on your iPhone. You would point your iPhone at the QR code and then you would see a link appear at the bottom. You can tap that and it usually go to a webpage or sometimes open an app. 

For instance here I'll point my iPhone at this QR code. You can see my website appears underneath. The iPhone recognizes those dots as an URL and will show me the website that I'll go to if I tap that link. Then it will take me there. It will open up my default browser and go to that webpage. If I had to type this out it would take a little time and it would be hard not to make a mistake. This is why QR codes are handy. They make it easier to go to a webpage without having to type something out. It's important to realize this. The QR code is just a URL or web address. That's all it is. It's like that web address but in a different language. A language that's easier for a camera to understand as opposed to a human who actually sees the letters. The advantage of a QR code is it actually embeds the link several times in there. It is repeated. So if some of those dots have gotten smudged or they are not visible for some reason it can still make out what the exact URL is. That is not true if it's a bunch of letters. If a few letters are missing you probably won't be able to figure out where you are supposed to go. 

So, what are the risks to using a QR code? Well, they are just links so the risks are essentially the same as using any link. Like one that you would type in or one that you would click from one webpage or maybe from an email address or text message. Clicking links do have risks. QR codes are no different from that. One thing about QR codes that kind of makes them feel riskier is you can't tell what the link is until you hold your iPhones camera up and then you just get the domain name there at the bottom. So QR codes can be misleading. Instead of going to the place that they say they're going to go to they can go someplace completely different. But it is no different if it was a URL that was shortened or some sort of URL that redirects somewhere that was letters. It being a QR code makes it a little harder to figure out where you are actually going, but doesn't actually increase the danger level of where you could go. 

So if you are going to use a QR code how can you stay safe? Well, just like any link that you might get, say, an email message or text you want to trust the source. If a friend of yours sends you a link and tells you to check something out you trust them, you go to the link. But if you get a piece of junk mail that has a link in it you don't trust that link. It is the same thing with QR codes. If you go into a restaurant, you sit down at a table, and there's a little sign on the table, use this QR code to view our menu, well, you trust the restaurant. You're actually physically there. You're about to eat there and then pay them afterwards. So there is no reason not to trust that QR code that actually goes to the menu. It is the same thing when you're ready to pay. You would probably hand them your credit card and let them take that away to run the card, at least in the United States that is still pretty much how it is done. So why wouldn't you trust the QR code that appears on the receipt they may give you.

If you find these videos valuable consider joining the more than 2000 others that support MacMost at Patreon. You get exclusive content, course discounts, and more. You can read about it at macmost.com/patreon. 

Also, consider the stakes. Like if you see a poster for a concert and there is a QR code to get more information, well it is just going to take you to a page that's just going to show you information like the address for the venue, the time, that kind of thing. Pretty low stakes. You don't expect to go to a page that's going to ask you for personal information for instance. So if you use the QR code and you go there and that's all it is, well the stakes aren't really that high. It's perfectly fine. The same for menus at restaurants. You expect to go to a page to show you the menu. If that's all you see you're fine. 

You also may use a QR code for tipping and the stakes are pretty low there as well. For instance, somebody playing music in the park or a shuttle bus driver may show you a QR code that allows you to tip them. These will almost always take you to a payment app like Venmo. When you're paying through Venmo there's barrier between you and the recipient. A person showing you the QR code of course wants to get the few dollars you're going to send them. If your intention is to send $5 to somebody why would that person mislead you about where the $5 is going. It is certainly going to them. It's not like they get any real information about you because there is that app you're using where the money is getting sent through it. It's not like you're logging into a site they created and giving them your credit card information. 

Now when you use a QR code, of course check the domain name that it is sending you to, to make sure it makes sense. If it's say a parking meter and the domain name is for the name of that parking meter company then it kind of makes sense. Do be suspicious of QR codes that are used in places where links should be used. For instance you should never get an email or text with a QR code. You're in a place where they can just send you a link and you can click or tap on that link. A QR code can only be used in that situation to obfuscate the location where you're going to. 

Now keep in mind while QR codes really aren't any more dangerous than an URL they aren't any safer than an URL either. So you should be just as suspicious of a QR code as any other link. Be on the lookout for scams, especially phishing attacks where either a link or a QR code sends you to someplace where you are not supposed to be and now you're handing over information. If you got an email asking for payment or something you would normally not click on the link but instead go to the website for that company and pay them there. The same thing with a QR code. If you are using an app or you're using a website normally to make payments don't use the QR code just as you wouldn't use the link. Go directly to that site or app. 

Now there aren't many real world examples of QR codes being used for scams. But there have been some reports of parking meters where somebody has taken a QR code and pasted it over the official one. So, the rest of the sign or sticker looks legit but when you use the QR code you actually end up going to a scammer's site and giving them information or your payment. But it is easy to get around these and typically parking lots all use different apps that you may already have or you can easily get in the App Store. The logos are usually shown at the parking lot and you can just go into the app and the app will use your GPS location to figure out where you are and let you pay for parking without ever having to scan the code. 

So be on the lookout for things like that. But they still seem to be very rare as the scammer has to actually physically do something to run the scam and it's much easier for them to do scams that are just completely online where they can be on the other side of the world. 

In summary, it is completely okay to use QR codes in situations where you are just looking to get information, like a menu at a restaurant. It is also okay to use them to pay for something as long as you trust the establishment and the person giving you the QR code, like when you're finished eating at a restaurant. Hope you found this useful. Thanks for watching.