The latest trend in mobile marketing, QR Codes or Quick Response Codes, is also becoming the newest pitfall in mobile phone security. Smartphones quickly scan the square, two-dimensional barcodes and immediately direct users to a website, subscribe them to an email list or download additional marketing materials. The fast and convenient solution makes QR codes the perfect way to connect with businesses during an event or tradeshow and consumers on the go. However, cybercriminals have also begun to use QR codes to infect smartphones and obtain sensitive information from these mobile devices.
Mobile phones and tablets contain an overwhelming amount of confidential data. Sensitive emails, business contacts and passwords are all available on cell phones and pads. Making this information susceptible to hackers can be disastrous and while most people have learned to think twice before clicking on a suspicious link that was emailed to them, they do not exercise the same level of caution when it comes to QR codes. This lack of protection makes QR codes a growing risk in mobile security.
Since these QR codes are still relatively new technology, security measures and protections have not been effectively developed to ensure protection for the users. Both the consumers scanning the QR codes as well as the companies developing this technology need to understand the security threats and watch for the warning signs.
Users should be aware of the mobile security risk that QR codes pose and view the website they are directed to before scanning. Various QR code applications allow the option to preview the link prior to scanning the barcode. This precaution prevents the user from scanning a code when the URL appears suspicious. Often times when a QR code is fraudulent, it will lead the user directly to a login screen. Cybercriminals use this form as a trap to retrieve personal information. In most instances, personal information should not be required when scanning a QR code. Legitimate codes will automatically complete a request or will only require contact information for subscriptions.
Businesses utilizing QR codes also have a responsibility to ensure their codes are safe and do not end up getting hacked. In order to ensure the security of their customers’ sensitive data, businesses need to provide context for the QR codes when it appears on marketing materials. This will provide users with peace of mind when the link they were expecting appears. Companies should also reveal the exact URL where the user will be directed after scanning. Make sure all the steps to the process are transparent so it does not appear your organization is attempting to take advantage of the user.
As technology continually evolves, hackers develop new and different ways to infiltrate the confidential information contained on cell phones and tablets. Though QR codes provide an ideal marketing solution for businesspeople and consumers on the go, they are becoming yet another portal cybercriminals are using to steal information. While mobile device security is still being developed for these barcodes, users need to be aware of this new area of risk to take the proper precautions when scanning QR codes to smartphones.
For more information or to view the full story QR Code Security Best Practices by Ramon Ray at http://www.businessinsider.com/qr-code-security-best-practices-2012-5.
e-Cycle’s Enterprise Solutions for End-of-Life Mobile Phone Recycling and Data Security
Helping organizations take a more responsible, secure and profitable approach to wireless mobile phone recycling, e-Cycle collects used mobile devices from businesses and organizations, reimbursing them for devices that retain value and recycling all others at no charge. The information on every phone is either deleted or destroyed using the industry’s most rigorous data security measures. In January 2012, e-Cycle became the only mobile buyback and recycling company in the world to become e-Stewards certified. To find out more on e-Cycle’s mobile phone buyback, recycling, and data deletion services, visit www.e-cycle.com.