If I promised you $100 to click this link: www.myEvilWebsiteThatWillStealYourMoney.com, you would never do that, right? That is because, first, you don’t know me, and second, you can see that this URL is highly suspicious.
Now let's imagine you have a reservation at your favorite restaurant. The host seats you at your table and tells you that the restaurant uses only QR code menus. You scan the QR code and it shows you the menu, but it also displays a banner that says, “Log into your Google account for a 10% discount!”
What would you do?
QR code security may not have even crossed your mind, since the QR code is stuck to the restaurant table and the host said you can scan it. But what if someone stuck a malicious QR code on the original one to steal your Google account credentials?
We must now ask ourselves if maybe we trust QR codes too much. How can we protect ourselves from scenarios like the one described above and still enjoy the convenience QR codes provide?