QR codes could be linked to cyber attacks. (Photo: iStock)

It’s becoming increasingly difficult to buy or sell without the use of QR codes, a technology that isn’t new, but which is picking up steam in Mexico.

Current health measures have fostered a rejection of physical menus, coins, and bills, as it’s argued that they could increase transmission of SARS-CoV-2.

In Mexico City, for example, QR codes have been incorporated into restaurants in a way never seen before.

To this end, Jonathan Zamacona, marketing course director at Platzi, an online education platform, and the first of three experts interviewed by Tec Review, says the following:

“In these establishments, you have to scan a QR code to enter and then a table is assigned. When you sit down, you must scan another QR code to view the digital menu. Finally, there’s another QR code in order to pay.”

See more: The best present could be an experience

Digital wolves in sheep’s clothing

These codes can also be found in advertisements, brochures, or websites, which could lead to personal data theft.

“This hasn’t been detected in Mexico, but cases have been reported in Spain, the United Kingdom, and the United States. Malicious QR codes, cloned by cybercriminals, can be found anywhere,” says this director.

One case could be that of a supposed company that, via adverts posted on street walls, announces vacancies for a customer service position with a good salary. People who are interested scan the printed code that takes them to a page which, eventually, is where the disguised cyber attack occurs.

“If users don’t want to become victims of a digital attack, they have to look very carefully when the QR code preview is displayed. They should look at the information that appears and, particularly, the URL. If it doesn’t begin with https (the s stands for secure), they shouldn’t click on it. If they do, they expose themselves to data theft,” explains Zamacona.

He mentions that cybercriminals use apocryphal addresses in QR codes, such as,, when www.whatsapp.web is the correct URL. So, without realizing the deception, users enter a page that looks like WhatsApp, and unfortunately, become victims of hackers.

“It’s very important that, as mobile device users, we’re aware of what type of pages we’re allowing to access our information,” he advises.

The view of a QR code promoter

The second expert consulted is Ramiro Nández, senior QR manager at Mercado Pago, a digital buying and selling tool, who agrees with Zamacona in the sense that it’s important users don’t scan QR codes that aren’t correctly identified, either to enter establishments, read menus, or to look something up on the street.

“The risk with this is that the fraudulent codes lead to another page where personal data can be requested. It’s best to activate the option for previewing links, or even download a program that checks links before opening them,” he says.

Nández points out that it’s good idea to have strong passwords and to activate notifications on phones. He also points out that the Mercado Pago app allows you to consult all the reliable establishments that accept QR code payment.

Read more: The only Latin American to enter Nature’s Top 10

Humanizing technology

Mauricio García, design technology director at frog, a digital solutions development firm, completes this shortlist of specialists. He says that QR codes aren’t a solution, but a means – with associated risks – to making online interactions more efficient.

“They’re just a mechanism for transmitting information. It’s the applications that use them and the care with which consumers and retailers use them that can make them safe,” he says.

García confirms that a QR code can be a perfect link for downloading malware or accessing a phishing site, but as long as people take care, the risk of data theft or fraud can be minimized.

To know what precautions are necessary when using QR codes, García, who’s also a Computer Science Masters graduate from Tecnológico de Monterrey’s State of Mexico campus, recommends keeping in mind the following questions:

Do I know the origin of the QR code that I’m about to read and do I trust it? Can I verify its authenticity? Is the application that I’m going to use from a reliable provider? Can I verify its authenticity? Am I disclosing only necessary information to complete the transaction while keeping my personal information private? Is the amount of payment I’m about to make correct?

What’s more, this Tec graduate says that business owners and app designers must take into account their customers’ needs to humanize payment systems.

“When using this technology, users must feel confident that they’re well informed about making secure transactions and can concentrate on savoring their food, relaxing on a trip, or thinking about the person they’re buying a gift for,” he concludes.