Qr codes, two-dimensional barcodes contained within two-colored squares, are increasingly popular. These codes, once scanned with an electronic device such as a smartphone, are able to quickly transmit a series of information and are used in the most varied ways: from digital menus in bars and restaurants to booking medical visits, from electronic invoicing to Bitcoin transactions. . More recently, this technology has also been adopted to contain information relating to the Green pass, the “green certificate” that will be used to travel and access events in Italy and Europe.
But a lot of attention must be paid. The QR code associated with the Green pass could be exploited by cybercriminals to carry out new types of hacker attacks. The alarm, launched by cybersecurity experts, comes after the privacy guarantor’s exhortation not to exhibit on social media the green certificate, as it contains personal information that can be used for targeted attacks and identity theft. And if giving others access to our sensitive information is dangerous, so is connecting to unsafe sites that can facilitate entry into our security devices. virus e trojan. The scan of a malicious code can in fact automatically direct users to an internet address of phishing where you are asked to enter your e-mail address and other credentials: in this way you can get access to the user’s accounts. Another risk is to be directed to an illegitimate app-store, where one is led to unknowingly download malicious applications containing malware.
“The increase in the use of mobile devices to carry out many of our daily activities exposes us to new risks – explains Massimo Grandesso, Innovery cybersecurity manager – the lack of awareness of the possible threats that scanning a QR Code can convey, is for us an ever more pressing concern “. The expert then adds: «Qr codes sent by e-mail are able to evade normal anti-phishing systems:« Qishing », as this technique is called, works exactly like clicking on a link. For this reason the same precautions should be used as for the latter ».
The advice of the experts to limit the risks is simple: do not share the QR code on social networks, always avoid the automatic opening of a page from the QR code and first carefully view the internet address on which you will land. In addition, you must always make sure that the code comes from a reliable source and, when it comes to printed codes, such as on a menu, make sure that they are the originals and that no “duplicates” have been affixed to them. Another tip concerns the installation of the Qr reader on your smartphone: if there is no integrated one, make sure that you download a certified one. Finally, you must avoid scanning Qr code from social channels or arrived via e-mail if not expected.
Another front in which we must keep our guard up are instant messages: on Whatsapp and via e-mail fake links can arrive that invite you to download the green certification, but in reality they end up stealing personal data and draining telephone credit.