QR is just image to text, most QR reading apps I have used, show you the QR content before going to the website (or let you disable opening the link directly) so you should be able to check the URL or content and see if the link is legit or not.
But let’s be honest most people don’t know or don’t even bother and that’s the real problem.
QR is just image to text, most QR reading apps I have used, show you the QR content before going to the website (or let you disable opening the link directly) so you should be able to check the URL or content and see if the link is legit or not.
But let’s be honest most people don’t know or don’t even bother and that’s the real problem.
It’s also pretty easy to disguise the malicious part. For instance, hxxp://LegitimateBusiness.com@ScamMyAss.com
(Hoping that didn’t get blocked as spam)
On many apps, that would truncate somewhere around the .com
Thankfully a lot of browsers already detect and block this behavior
Or just legitbusiness-online-order[.]com
100% they see the code and assume it can’t be mean.