You may have noticed that we’re firmly in the QR code era – every restaurant, state agency, and store you interact with has a prominent QR code. The technology is convenient, getting us to the information we want quickly and directly, while hiding the actual destination until we’ve arrived. This means that what QR codes and URL shorteners provide in terms of convenience costs us in terms of security. So how do you know if a QR code or a short URL is safe to use?
trust no one
First, never assume a short URL or QR code is legit – aalways suppose that is not the case. They are easy to generate, and bad QR code stickers can be easily applied over a legitimate QR code in a restaurant, for example. So, even if you think you are opening the beer list of your favorite brewery, you might be redirected to a phishing scam or other dangerous site. It’s so easy to fake a QR code in a public place that you should just assume it’s all false.
Also, anyone can throw out a short URL in an email, text, or other communication and you may have no way of knowing if it’s legit or not – so assume those are also harmful.
The safest thing to do when a business offers a short URL or QR code for convenience is to go directly to their site manually. Yes, it defeats the purpose of these tools, but it’s the only way to make sure your phone or other device isn’t hacked.
If the QR code or short URL is supposed to take you to a website that you can’t just access on your browser, ask the company to give you a new menu or other document with the code or URL. above. This at least minimizes the possibility that the code you are about to scan has been compromised.
Get a scanner
Another option is to add some security. You can replace your original QR code scanner with a more secure version which will check the URL you are directed to and give you the option to skip it or continue. Some phone operating systems have this feature built into their original QR code scanner, so you may already have this protection.
For short URLs, you have a few options. If the URL was generated by Bitly, you can simply add a plus sign (“+”) to the URL and Bitly will display a Overview. Another popular URL shortener, TinyURL, offers similar preview functionality – just place “preview” in in front of the shortened URL. You can also paste the short URL into a site like Shorten.it to see where he wants to take you before you commit.
It’s a fact of life that convenience often trumps security, and we live in a world where compromising our phone is a lot like leaving our house unlocked with the door wide open. A few extra seconds of due diligence when it comes to short URLs and QR codes can save you a lot of heartache.