QR is just image to text, most QR reading apps I have used, show you the QR content before going to the website (or let you disable opening the link directly) so you should be able to check the URL or content and see if the link is legit or not.
But let’s be honest most people don’t know or don’t even bother and that’s the real problem.
QR is just image to text, most QR reading apps I have used, show you the QR content before going to the website (or let you disable opening the link directly) so you should be able to check the URL or content and see if the link is legit or not.
But let’s be honest most people don’t know or don’t even bother and that’s the real problem.
It’s also pretty easy to disguise the malicious part. For instance, hxxp://[email protected]
(Hoping that didn’t get blocked as spam)
On many apps, that would truncate somewhere around the .com
Or just legitbusiness-online-order[.]com
Thankfully a lot of browsers already detect and block this behavior