According to The Register's John Leyden, Symantec's Warren Sealey recently warned that "we've seen criminals using bad QR codes in busy places, putting them on stickers and putting them over genuine ones in airports and city centers."
"Often QR codes are used as a quick and handy way to share URLs with smartphone users," writes HEXUS.net's Mark Tyson. "Looking at a QR code gives the consumer no clue to what it may link to, and scammers have been exploiting this more and more, according to Symantec."
"It’s a clever ruse, particularly because many who use QR code apps don’t have the slightest clue about the potential security pitfalls," writes Geek.com's Lee Mathews. "Your less-savvy friends and family members probably don’t think twice when snapping a code with their smartphone, and not all the scanning apps out there offer any kind of defense mechanism. Without that layer of protection, all it takes is a shutter click and a redirection and the trap is sprung."
"The only thing that users can do for now to protect themselves from this threat is to download and install a QR reader that checks the website's reputation, and then offers them the option of taking them there or not," writes Help Net Security's Zeljka Zorz. "While this solution is not foolproof, it's still much better than the alternative of blindly following where the QR code takes them."