FRANKLIN — In the wake of the recently concluded Summit, the annual gathering of Tennessee Baptists, a small number of attendees reported an issue in scanning the Quick Response (QR) codes that were used during the event.
Some attendees reported that the QR code directed them to sites that required users to pay a fee to continue. Messengers and guests who experienced that scenario are victims of malware.
“The known situations were people trying to scan the QR code to download the Summit app and those trying to scan the QR code for the offering during the pastors conference,” said Chris Turner, director of communication for the Tennessee Baptist Mission Board. “In both instances users were directed to a site that prompted users to pay a monthly fee. The problem turned out to be the QR reader app that people were using and not the QR codes generated and published by the TBMB.”
Turner said the TBMB’s IT department began researching the issue as soon as it became aware of the concern.
It was discovered that attendees who were using a downloaded QR reader app could have inadvertently downloaded a piece of malware that looks natural but seamlessly overlays the original site and directs the user to a scam site, said Doug Finch, TBMB’s IT director.
“Unfortunately, there are potentially an endless number of scam QR reader apps,” Finch said. “It does take some digging for users to understand if the app is legitimate or not.
“The safest approach is for users to always use their phone’s camera to read a QR code,” Finch said. “ All they need to do is simply point the camera at the QR code and then touch the screen on the prompt when it appears. It will take the user to the correct location.”
According to WYWF, a company that specializes in QR code/WiFi connectivity, all Android phones have native, built-in QR code readers in the phone’s camera and all Apple/iOS devises running iOS 11 or later operating systems also have cameras with the ability to be used as code readers.
“The bottom line is that the safest way for someone to be sure they are scanning a QR code safely is to use their phone’s camera and to not use a QR code reader app,” said Finch.
The TBMB is recommending that attendees who “subscribed” to the montly-fee service should immediately contact their credit/debit card’s issuing institution and report the security breach.
This is the first year there has been a Summit app available during the annual meeting.
There were approximately 1,420 attendees present at Summit, including messengers, guests, exhibitors and staff, and there were more than 800 downloads of the app (60 percent of those present).
To date, there are only three known cases of someone who was potentially a victim of a rogue app. B&R
