Fake QR codes make for easy scams – be careful what you scan out there
Meena Jha, Head Technology and Pedagogy Cluster CML-NET, CQUniversity Australia

QR codes are so familiar and widespread, we tend to trust them without question. That’s exactly what scammers rely on.

It’s a simple thing we encounter many times every single week – often while in a hurry. You pull up at a parking spot, scan a QR code and pay within seconds. Or you sit down at a cafe, scan a code to view the menu and order your meal.

At the train station, you scan the code on the poster for timetable updates. QR codes are increasingly used in public transport systems worldwide for ticketing, payments and accessing real-time information.

Because QR codes are so widespread, scammers naturally find them appealing too. Here’s what you need to know to stay safe.

What are QR codes?

A QR (quick response) code is a type of barcode that stores information and encoded data in a square pattern of black and white pixels. They were first developed in 1994 by Japanese company Denso Wave for labelling automotive parts.

Today QR codes are widely used because they’re quick to create and easy to scan without needing a specialised scanner – a smartphone camera will do. They’re designed to remove friction: you scan, and something happens instantly.

However, a QR code doesn’t show you where it leads until after it’s scanned. Your device can perform a range of functions after scanning a QR code: open up a web page, check you in to a location, or even connect your device to a wireless network without needing to type anything.

That’s what makes it so useful, but also potentially risky. Malicious QR codes can redirect users to fake websites or prompt them to download harmful content. QR codes are so familiar and widespread, we tend to trust them without question. That’s exactly what scammers rely on.

What to look out for

Phishing – where cyber criminals “fish” for sensitive information – is the most common type of cyber crime, typically sent by email or text. When a QR code is involved, that becomes “quishing” – short for QR phishing.

Scammers now include QR codes in emails or text messages instead of clickable links. When scanned, the code directs users to fake login pages or payment sites. Because there’s no visible link, these messages can seem more trustworthy and can even bypass some email security filters.

Malicious downloads

Some QR codes don’t just take you to a website – they trigger an app or file download, which could contain malware. This can give attackers access to your device, data or accounts. Because the action happens quickly, you may not have time to question whether the download is legitimate.

Fake QR codes in public places

One of the simplest methods to trick people involves placing a sticker with a fake QR code over a legitimate one. For example, scammers have been caught sticking fraudulent QR codes on parking meters. When drivers scan the code, they are taken to a fake payment page and asked to enter their card details. Posters, flyers and other signs in public places may also contain malicious QR codes.

Redirect scams

Even when a QR code looks legitimate, it may redirect you through multiple websites before landing on a fake page. This makes it harder to detect suspicious activity. By the time you see the final page, it may look convincing enough to trust.

How to stay safe

The good news is you don’t need to stop using QR codes. You just need to use them more carefully.

Treat QR codes like unknown links. If you wouldn’t click a random link, don’t scan a random QR code.

Check for signs of tampering. In public places, look closely at the code. Is it a sticker placed over another one? Does anything look out of place?

Look at the web address before proceeding. Many phones now show a preview of the hyperlink retrieved via the QR code before opening it. Don’t just hit “go”, take a moment to check it looks legitimate.

Avoid scanning codes from unsolicited messages. If you receive a QR code via email or text asking you to log in or make a payment, don’t use it. Go directly to the official website instead.

Don’t rush to enter personal details. If a site asks for sensitive information, pause. Double-check you’re on the correct website.

Keep your phone updated. Security updates may sometimes feel like a nuisance, but they do help protect your device against malicious sites and downloads.
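
The tips above all come down to one habit: see what a code would make your phone do before you let it happen. As an added illustration (this is example code written for this page, not anything from the article or its author), the Python below takes the text a scanner decodes from a QR code, names the action it would trigger (open a web page, join a Wi-Fi network, start a message or call) and lists reasons to pause: a non-HTTPS address, a raw IP address, a host that is not one you expect at this venue, an expected name buried inside a different domain, or a link that is really a file download. The host names in `EXPECTED_HOSTS` and all sample payloads are constructed placeholders, and the Wi-Fi parser is deliberately simplified.

```python
"""Preview what a QR payload would do before acting on it.

Added example, not code from the article. A QR code stores only a short
string; the phone decodes it and then acts (opens a URL, joins a Wi-Fi
network, drafts a message). This helper reproduces the "look at the web
address before proceeding" step: it names the action the payload would
trigger and lists reasons to pause. All payloads and host names below are
constructed placeholders, not real services.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List
from urllib.parse import urlsplit

# Hosts you expect a legitimate code at this venue to point at (placeholders).
EXPECTED_HOSTS = {"pay.example-parking.test", "menu.example-cafe.test"}
# Suffixes that mean "this is a file download, not a page".
DOWNLOAD_SUFFIXES = (".apk", ".exe", ".ipa", ".msi", ".zip", ".scr")


@dataclass
class Verdict:
    kind: str                       # "url", "wifi", "mailto", "tel", "sms" or "text"
    target: str                     # what the device would open, join, call or message
    warnings: List[str] = field(default_factory=list)

    @property
    def risky(self) -> bool:
        return bool(self.warnings)


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def classify_payload(payload: str) -> Verdict:
    """Return the action type and a list of reasons to pause (empty = nothing odd)."""
    p = payload.strip()
    upper = p.upper()

    # WIFI:T:<auth>;S:<ssid>;P:<password>;; joins a network with no typing.
    # Simplified parser: real payloads may escape ';' and ':' inside values.
    if upper.startswith("WIFI:"):
        fields = dict(part.split(":", 1) for part in p[5:].split(";") if ":" in part)
        v = Verdict("wifi", fields.get("S", ""),
                    ["joins a Wi-Fi network automatically; accept only from a venue you trust"])
        if fields.get("T", "").lower() in ("", "nopass"):
            v.warnings.append("open (unencrypted) network")
        return v

    # Schemes that hand the payload to a messaging or dialer app, not a browser.
    for scheme, kind in (("mailto:", "mailto"), ("tel:", "tel"), ("sms:", "sms"), ("smsto:", "sms")):
        if upper.startswith(scheme.upper()):
            return Verdict(kind, p[len(scheme):],
                           [f"{kind} action: starts a message or call rather than opening a page"])

    parts = urlsplit(p)
    if parts.scheme in ("http", "https") and parts.netloc:
        v = Verdict("url", p)
        host = parts.hostname or ""
        if parts.scheme != "https":
            v.warnings.append("not HTTPS")
        if _is_ip_literal(host):
            v.warnings.append("host is a raw IP address")
        if parts.username is not None:
            v.warnings.append("credentials embedded before the host (user@host trick)")
        if host not in EXPECTED_HOSTS:
            v.warnings.append(f"host '{host}' is not on the expected list")
        for expected in EXPECTED_HOSTS:
            # e.g. pay.example-parking.test.login-verify.test: the real name is
            # only a prefix; the registrable domain is something else entirely.
            if expected != host and expected in host:
                v.warnings.append(f"lookalike: '{expected}' appears inside a different domain")
        if parts.path.lower().endswith(DOWNLOAD_SUFFIXES):
            v.warnings.append("points at a file download")
        return v

    if parts.scheme:
        return Verdict("url", p, [f"non-web scheme '{parts.scheme}:' would be passed to another app"])
    return Verdict("text", p)


# Constructed sample payloads, as a scanner might decode them.
SAMPLE_PAYLOADS = [
    "https://pay.example-parking.test/zone/42",
    "http://pay.example-parking.test.login-verify.test/pay",
    "https://203.0.113.7/update.apk",
    "WIFI:T:nopass;S:FreeCafe;;",
    "Table 7",
]

if __name__ == "__main__":
    for payload in SAMPLE_PAYLOADS:
        v = classify_payload(payload)
        status = "PAUSE" if v.risky else "ok"
        print(f"[{status:5}] {v.kind:6} {v.target}")
        for w in v.warnings:
            print(f"         - {w}")
```

Run it as a script and each constructed payload is printed with `ok` or `PAUSE` and the reasons. The point of the lookalike check is the one the article makes about redirect and parking-meter scams: a page can carry the right name and still sit on a domain you have never heard of, and only reading the address before tapping "go" reveals that.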

QR codes are not dangerous by themselves. They are useful tools that make everyday tasks easier. But they remove a key safety step: the ability to see where you’re going before you get there.

The next time you scan a QR code, take a second to think. In a world where scams are getting smarter, the safest habit is simple – don’t trust the code and verify where it leads.

Meena Jha does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.