For those who don’t know, it’s where someone takes a QR code like on a poster for a concert and puts a sticker with a different QR code on top to a fake website that looks like the concert website (or a Rick Roll).

The obvious answer is to scratch off the QR code if you notice it’s a sticker, but it’s not always acceptable (or legal) to start damaging stuff to check if it’s real or not. Also, what if it’s out of reach on a sign or something?

You can’t put a little text under saying what the website is as a sort of checksum because the vandal can just write their own website under their sticker.

  • darkan15@lemmy.world
    13 hours ago

    As far as I know, the options are:

    • Use a QR reader app that doesn’t auto open links (or lets you configure it like that), so you see the URL and inspect it before opening the URL in the browser.
    • In case of a short URL, use a short URL resolver so you can see what the real destination is without actually opening the URL yourself.
    • Use a DNS with block lists (that are updated often) of known phishing sites.

    If these 3 checks fail, there is not much more you can do.
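
The first two checks in the comment above (look at the decoded URL before opening it, and resolve short URLs first) can be sketched as an offline inspection step. This is an added example, not part of the original thread; the `SHORTENERS` set, the `expected_domain` parameter, the warning labels and the sample URLs are all assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a tiny illustrative set; real shortener lists are far longer.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

def is_ip(host):
    """True if the host is a literal IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def inspect_qr_url(payload, expected_domain=None):
    """Return warnings for a decoded QR payload; an empty list means nothing was flagged."""
    parts = urlsplit(payload.strip())
    host = (parts.hostname or "").rstrip(".")   # hostname is already lower-cased
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if not host:
        return warnings + ["no-host"]
    if parts.username is not None:              # https://trusted.example@other-host/
        warnings.append("userinfo-before-host")
    if is_ip(host):
        warnings.append("ip-literal-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")        # may render as a look-alike name
    if host in SHORTENERS:
        warnings.append("shortener-resolve-first")
    if expected_domain:
        exp = expected_domain.lower().rstrip(".")
        # Accept the domain itself or a true subdomain, not a mere prefix match.
        if host != exp and not host.endswith("." + exp):
            warnings.append("host-mismatch")
    return warnings

if __name__ == "__main__":
    # Constructed sample payloads, as a QR reader would show them before opening.
    for url in ["https://tickets.example.org/show",
                "https://example.org@evil.example.net/show",
                "https://example.org.evil.example.net/",
                "http://192.0.2.10/login",
                "https://bit.ly/abc123"]:
        print(url, "->", inspect_qr_url(url, "example.org") or "no warnings")
```

An empty result only means none of these patterns matched; it does not show the destination is the genuine site.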