Quick Response (QR) codes can be found in many different places. Some common use cases include restaurants (accessing their online menu), advertising (printed and digital campaigns), payments (part of a frictionless process), and as a quick way to download a mobile app.
As the trust level of QR codes is generally high, and given that the destination URL is not visible and therefore can’t be easily scrutinized, these codes present a soft target for malicious actors.
When a legitimate QR code is replaced with a malicious one, unsuspecting users who scan it can find themselves in hostile territory, redirected to a website where they can be subjected to a number of different attacks, including credential theft, diversion of a payment to a non-legitimate account, download of malware to their device, and so on.
Bottom line – be vigilant! From a business perspective, know that these codes can be exploited and can put your business at risk. Carefully weigh the costs and benefits before using them. As a user, do not use QR codes unless you have to, and even then, exercise caution before entering sensitive data or proceeding with an app download.