How to Know If a QR Code or a Short URL Is Safe
You may have noticed that we have firmly entered the era of the QR code – in every restaurant, government agency and store with which you interact, a QR code is displayed in a prominent place. This technology is convenient, it takes us to the information we want quickly and directly, hiding the actual destination until we arrive. This means that what QR codes and URL shorteners offer in terms of convenience costs us in terms of security. So, how do you know if it’s safe to use a QR code or a short URL?
Don’t trust anyone
First of all, never assume that a short URL or QR code is legal – always assume that it is not. They are easy to generate , and bad QR code stickers can easily be pasted over a legitimate QR code, such as in a restaurant. So, even if you think you’re opening your favorite brewery’s beer list, you may end up on a phishing site or other malicious site. Faking a QR code in a public place is so easy that you should just assume they are all fake.
Also, anyone can add a short URL to an email, text message, or other message, and you may have no way of knowing if it’s legal or not, so consider it harmful as well.
Go manually
The safest thing to do when a company offers a short URL or QR code for convenience is to go directly to their website manually. Yes, it completely defeats the purpose of these tools, but it is the only way to ensure that your phone or other device is not hacked.
If a QR code or short URL should take you to a website that you can’t just go to in your browser, ask the company to provide you with a fresh menu or other document with the code or URL. This at least minimizes the chance that the code you are about to scan has been compromised.
Get a scanner
Another option is to add some security. You can replace the standard QR code scanner with a more secure version that will check the URL you are heading to and give you the option to skip it or continue. Some phone operating systems have this feature built into the standard QR code scanner, so you may already have this protection.
For short URLs, you have several options. If the URL was generated by Bitly, you can simply add a plus sign (“+”) to the URL and Bitly will display a preview . Another popular URL shortener tool, TinyURL, offers a similar preview feature – just put “preview” in front of the shortened URL . You can also paste a short URL into a site like Unshorten.it to see where it wants to take you before committing.
It’s a fact of life that convenience often comes at the expense of security, and we live in a world where compromising our phone is like leaving our house unlocked with the door wide open. A few extra seconds of due diligence when it comes to short URLs and QR codes can save you a lot of trouble.