In Germany, the far left wants to cap the price of “doner kebabs”
Israel-Hamas war: Gaza between hope of truce and fear of Israeli offensive in the South
“Mom, Dad, please don’t die”: in the United States, a nine-year-old child saves the lives of his parents injured in a tornado
War in Ukraine: Putin orders nuclear exercises in response to Macron and “Western leaders”
A baby whose mother smoked during pregnancy will age more quickly
The euro zone economy grows in April at its best pace in almost a year but inflationary pressure increases
Children born thanks to PMA do not have more cancers than others
Breast cancer: less than one in two French women follow screening recommendations
Call for strike on Sunday at Radio France against “the repression of insolence and humor” after the suspension of Guillaume Meurice
Disney: profitable streaming for the first time, after 5 years of losses
“I’m going to four concerts... I spent 1,255 euros”: for Taylor Swift, these fans ready to break the bank
SNCF: the CEO defends the agreement on the end of career, “reasonable, balanced and useful”
A little something extra, signed Artus, exceeds one million entries in less than a week
Fred Dewilde, designer and Bataclan survivor, ended his life
“I don’t appreciate being used as media cannon fodder”: Emmanuelle Bercot responds to Isild Le Besco
Who is Deborah de Robertis, the artist who painted The Origin of the World?
Omoda 7, another Chinese car that could be manufactured in Spain
BYD chooses CA Auto Bank as financial partner in Spain
Tesla and Baidu sign key agreement to boost development of autonomous driving
Skoda Kodiaq 2024: a 'beast' plug-in hybrid SUV
The home mortgage firm rises 3.8% in February and the average interest moderates to 3.33%
This is how housing prices have changed in Spain in the last decade
The home mortgage firm drops 10% in January and interest soars to 3.46%
The jewel of the Rocío de Nagüeles urbanization: a dream villa in Marbella
Europeans: David Lisnard expresses his “essential and vital” support for François-Xavier Bellamy
Facing Jordan Bardella, the popularity match turns to Gabriel Attal’s advantage
Europeans: a senior official on the National Rally list
Blockade of Sciences Po: the right denounces a “drift”, the government charges the rebels
These French cities that will boycott the World Cup in Qatar
Mercato: Thiago Silva returns to Brazil and signs for Fluminense
Top 14: at what time and on which channel to follow the clash at the Toulouse-Stade Français summit?
Tennis: Paula Badosa, former world No.2, passes the 1st round in Rome
Tour of Italy: Italian Jonathan Milan wins the 4th stage, Pogacar still leader
In restaurants, hotels, administrations, or to rent a bike... QR codes, these small squares with black and white pixels, are now part of everyday life. Flashed using the camera, they provide direct access to a website. Through their ease of use, they have earned a special place in the administrative, commercial or even educational landscape. But they have also become an inexhaustible tool for scammers fishing for bank details or personal data. This is called “quishing”.
On fines or notices from La Poste, QR codes can be falsified in order to redirect to a malicious site, but not only that. Latest episode to date: in the Loiret department, in mid-December, electric car users had their payment information stolen by scanning a QR code stuck on a charging station. The sticker actually linked to a copy of the provider's site. Bad surprise: the offenders recovered the data, took money… and the cars were never loaded.
The risks are the same as those linked to “phishing”. This practice consists of posing as a third party (bank, telecom operator, company) in order to push the Internet user to click on a site and ask for their bank details or information, such as their password and username. According to a study by the company Kaspersky, which markets antivirus products for individuals, 65% of French people continue to be scammed by phishing attacks, and the phenomenon has increased by 61% in Europe this year.
The sites are often very similar and can therefore naturally be misleading. “It’s called mirroring. Software makes it possible to reproduce the sites to perfection. If the hacker is bad, the errors in the replica are visible, but if he is good, we cannot tell the difference,” explains Fériel Bouakkaz, teacher-researcher in cybersecurity at EFREI. “Sometimes the site downloads malware directly to the device.”
However, the process is no more complicated than that of a classic scam. “Anyone can generate a QR code, there is no need for training or specific knowledge. This can be done with a simple website, so it’s the perfect technology for cybercriminals,” underlines the expert.
However, this method is much more vicious, because we are less suspicious of a QR code than of a suspicious SMS or email, sources of many awareness campaigns. Especially since the QR code has widely developed after the Covid-19 pandemic and the health pass. “After Covid-19, a relationship of trust was established with the QR code because we got used to seeing it everywhere. It was supposed to protect us against the virus… now it can expose us to computer viruses.”
Also read: Fake PV and QR code: beware of scams for prohibited parking
By email, in the mailbox or by SMS, and now stuck on charging stations or on shop windows... cybercriminals are always inventive in stealing sensitive data. We must therefore be extra vigilant. To protect yourself against this type of scam, there are several levels of protection. “First, don’t flash anything and everything in public spaces. It's tempting to scan a QR code that announces a 10% discount at the supermarket in exchange for personal information. In these cases, you have to ask if the offer is real at the store.”
But it is also important to check the URL, that is to say the web address that appears when scanning the QR code. Finally, in the event of “phishing” (by a fake Health Insurance, CAF or operator site for example), “you must go to your personal space or contact the service in question directly”.
Also readCybersecurity: faced with scams, the French are not careful enough online
Because here the scammer does not need to go to his victim via an SMS or an e-mail mentioning an “undelivered package” or a “CPF balance which is expiring”. The victim comes, without knowing it, directly to him. Especially since while protection mechanisms already exist to automatically redirect fraudulent emails and SMS messages into (unwanted) “spam”, this is not the case for QR codes. Users are left to their own devices.
And these scams are likely to grow in the run-up to the Paris Olympic Games this summer, when the QR code will be essential. In fact, you will need to present one to travel around the Olympic sites. Scammers could try to trap the French and the estimated 15.3 million foreign tourists expected, with offers of free wifi or participation in competitions.
