Have you heard about those QR codes? Those pictures popping up everywhere, resembling a bricked cow, that you can scan with your phone? It’s a major buzzword/technology thingy right now. Companies too lazy to reserve a short domain URL can now force the customer to scan a piece of cow to go directly to their product site. Often these cows are accompanied by a small text stating “scan this” – no further explanation given.
This is funny, since those who scan them usually do not think about where they’re being directed; there’s no way to make anything out of the picture. It’s like using Google’s ‘I feel lucky’ feature with a slight possibility of ending up on a harmful site. Given the recent disclosure of how easy it is to wipe out a Samsung Galaxy phone, you should not feel safe. At all. Regardless of device.
All the speakers at a security conference I attended recently had a mantra: “Stop, think, click”. All in all, a very good way to avoid being scammed. But – at the very end of each presentation or talk they showed us a piece of cow. OK – they did state which URL you were to be directed to. Thumbs up for that. But wait a minute. If I had been a speaker at this conference, I would have made sure that the cow redirected you somewhere other than the URL shown. Just to make the point that you should not trust QR. If it walks like a duck and talks like a duck, it might be a dog disguised as a sheep imitating a duck.
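To put “stop, think, click” into practice for a cow with a URL printed next to it, here is an added example (not part of the original post) that compares the text a QR reader extracted with the URL the slide promised. The function names are hypothetical, the payload is assumed to be already decoded by a reader app, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

def _host(url):
    """Lower-cased hostname without a leading 'www.' ('' if there is none)."""
    url = url.strip()
    if "://" not in url:            # printed URLs often omit the scheme
        url = "https://" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def review_qr_payload(decoded, printed):
    """Compare what a QR code really contains with the URL printed beside it.

    decoded: text a QR reader extracted from the code (assumed already decoded)
    printed: URL shown next to the code on the slide or poster
    Returns a list of reasons to stop and think; empty means they agree.
    """
    decoded = decoded.strip()
    parts = urlsplit(decoded)
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # Anything else is handed to some other app on the phone, not a browser.
        return [f"not a web link (scheme: {scheme or 'none'})"]
    findings = []
    if parts.username is not None:
        findings.append("text before '@' is not the host, the part after it is")
    got, promised = _host(decoded), _host(printed)
    if got != promised:
        findings.append(f"leads to {got or 'no host'}, not {promised}")
    if any(label.startswith("xn--") for label in got.split(".")):
        findings.append("punycode host, may render as look-alike characters")
    return findings

if __name__ == "__main__":
    # Constructed samples: (decoded payload, URL printed next to the code)
    samples = [
        ("https://www.example.com/talk", "example.com/talk"),
        ("https://example.org/talk", "https://example.com/talk"),
        ("https://example.com@other.example/", "example.com"),
        ("tel:5550100", "example.com"),
    ]
    for decoded, printed in samples:
        print(decoded, "->", review_qr_payload(decoded, printed) or "matches")
```

A matching host only tells you the code points where the slide says it does; whether that site deserves the click is still the “think” part.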