Jo - pièce de résistanceDo you use QR codes or do you avoid them?
Please boost for more replies. Thanks.
Please boost for more replies. Thanks.
Yes I use them, if available.
No I don’t, or rarely use them
Poll ended at .
Franchesca@JoBlakely scanning a random qr code in the wild can be a security risk, they are often used for scams, and who knows what fake websites they might link to.
Konstantin Weddige@Frantasaur @JoBlakely tbh. QR codes are not more of a risk than a printed URL. They have been used in demonstrations to scare people, but I would classify these demonstrations itself almost as a scam. They usually are based on the implicit assumption, that it would be more secure to copy the URL by hand, which it isn't. Do not rely on recognising phishy URLs to be safe online!
TL;DR QR codes are fine; don't trust any website you got from a flyer blindly.
can everything be outside now?@weddige @Frantasaur @JoBlakely QR codes are generally contextually located so more trustworthy - the restaurant table is a protected space, with the restaurant invested in making sure the QR codes do the right thing, for example.
A URL shortener or unrecognized, unmonitored URL or QR code in the wild real world, and even more so on the Internet, are to be treated with caution.
A URL shortener or unrecognized, unmonitored URL or QR code in the wild real world, and even more so on the Internet, are to be treated with caution.
@thesquirrelfish @weddige @JoBlakely it’s the context that’s the danger. You can fake the context by walking in somewhere and leaving flyers or putting stickers, and with QR codes it’s way too easy for the average person to already have the link opened before they stop and think. Scammers are never going to rely on hand typing a url, it gives the mark too much time to think. A nice QR code can feel official until it’s too late.
@Frantasaur @weddige @JoBlakely IMHO it's better to train people/yourself on what information is sensitive and how to recognize scams than to intentionally slow or deny access to whatever you're trying to promote or access.
Like as an extension of your idea we shouldn't have clickable URLs in html because they're too likely to be a spammer. I would be more on board with making the email service or printer/publisher or business liable for what they provide access to than to slow individuals access to the info they want
Like as an extension of your idea we shouldn't have clickable URLs in html because they're too likely to be a spammer. I would be more on board with making the email service or printer/publisher or business liable for what they provide access to than to slow individuals access to the info they want
@thesquirrelfish @weddige @JoBlakely well, the better the “security” the less an individual can actually do. I agree that it’s a balancing act between ease of use and being cautious. Things like restaurant QR codes where you order and pay are too wide open for abuse, ditto for charity collections via posters with QR codes. Having them on business cards or in other scenarios can be useful.
@Frantasaur @weddige @JoBlakely oh I think restaurant QR codes are more trustworthy than like giving a restaurant a credit card.
Deborah Preuss, pcc 🇨🇦@thesquirrelfish @JoBlakely @Frantasaur @weddige yes, in the US they often walk away with your cresit card, i think?
Here the waiter usually brings a mobile credit card reader (or you pay at the cash). Taxis have them too.
Here the waiter usually brings a mobile credit card reader (or you pay at the cash). Taxis have them too.
@thesquirrelfish @weddige @JoBlakely I’ve never been to a restaurant that took away my card! How can I even enter my pin if they do that? Back when they had those physical machines where they took an imprint of the numbers then maybe, but I don’t think I’ve seen that this millennium 😅
Some QR scams to watch out for
https://susqr.com/qr-code-scams
@JoBlakely @Frantasaur @weddige yeah it's the general practice in the USA for them to take the credit card away.
But mobile card readers can be hacked too, or people can do all kinds of different scams like impersonating staff(or even entire businesses). It's really just what people are invested in securing that makes security work 🤷♀️
But mobile card readers can be hacked too, or people can do all kinds of different scams like impersonating staff(or even entire businesses). It's really just what people are invested in securing that makes security work 🤷♀️
@thesquirrelfish @JoBlakely @weddige that sounds a bit oceans eleven compared to just printing out some stickers.
@Frantasaur @JoBlakely @weddige
I watched someone demo how to jack a mobile card reader at a security conference more than a decade ago, and two decades ago it was done to all the customers of a huge retail chain (TJ Maxx) .
It can be as simple as getting access to the Wi-Fi network or the device and it's a lot harder for staff & patrons to detect and they can collect more data faster and use it before they're detected as opposed to one at a time transactions through a sticker and hoping they're not shut down with charges reversed when someone reports the scam transaction. But again it's level of effort and investment by the thief versus the establishment. There's a lot of ways to scam people, and security is never guaranteed. Pickpockets still exist, and con men become billionaires and presidents 🫠
I watched someone demo how to jack a mobile card reader at a security conference more than a decade ago, and two decades ago it was done to all the customers of a huge retail chain (TJ Maxx) .
It can be as simple as getting access to the Wi-Fi network or the device and it's a lot harder for staff & patrons to detect and they can collect more data faster and use it before they're detected as opposed to one at a time transactions through a sticker and hoping they're not shut down with charges reversed when someone reports the scam transaction. But again it's level of effort and investment by the thief versus the establishment. There's a lot of ways to scam people, and security is never guaranteed. Pickpockets still exist, and con men become billionaires and presidents 🫠