• ReadFanon [any, any]@hexbear.net · 23 upvotes · edited · 9 months ago

      For real, if you’re scanning QR codes… you shouldn’t be. They are not secure and it’s infinitely easier to hijack a business QR code than it is to install a card skimmer, except a QR code can be used to gain access to vastly more than just your credit card details.

      On a similar note there’s this company I have purchased a consumable good from online that I opted for auto-renewal with because it’s cheaper. I have a new card since I signed up with them so the transaction didn’t go through this time around and there’s nowhere on their website to change my card details. It takes idk 24-48 hours and then I get this text message saying something along the lines of “Your card has failed to process, please follow this (url shortened link) to update your details”. The shortened url leads to a 3rd party payment processing and credential-storing website that is a reputable e-commerce frontend so I’m 99% sure it’s legitimate but I was like “Naw, fuck that” and sent their company director a blistering email saying that their payment processing is virtually indistinguishable from a phishing scam and to do better.

      I haven’t updated my card details with them since that email and their garbage tier “I can assure you that the message you received is verified and was sent from by our team” response in protest.

      Fucken tone deaf bullshit. My problem wasn’t me saying “Can you please verify that you sent me this message?” (MFer, do you want me to email you every time I need to update my card details to verify this shit??) but it was that their processes are extremely vulnerable to exploits and, although I’m fairly confident that I can identify that it’s legitimate, I don’t want to have to go through the process of carefully checking the unshortened url for any sneaky typographical anomalies and sussing out the whole website and it creates such a lax security culture that it encourages people who aren’t tech savvy to drop their guard, which can easily lead to personal disaster.

      Fuck all companies, fuck capitalism etc. etc. but such blatant, negligent disregard for customer security is just straight-up bullshit.
      /rant
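The “carefully checking the unshortened url for sneaky typographical anomalies” step above is exactly the kind of check that can be automated on the customer or help-desk side. The following is an added example, not code from the thread: given the final URL a shortener resolves to and the merchant domain the customer expects, it flags the common look-alike tricks. The domains and URLs are constructed for illustration; resolving the shortener’s redirect chain is assumed to happen beforehand.

```python
# Added example (not from the thread): inspect an already-unshortened URL
# against the merchant domain the customer expects and report red flags.
# All domains below are constructed samples (reserved .example / .test TLDs).
from urllib.parse import urlsplit
import unicodedata

# Digits commonly substituted for look-alike letters in typosquat domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})


def normalize_host(host: str) -> str:
    """Lower-case, fold accented Unicode to ASCII and undo common confusable swaps."""
    host = host.lower().rstrip(".")
    host = unicodedata.normalize("NFKD", host).encode("ascii", "ignore").decode()
    # "rn" renders like "m" and "vv" like "w" in many fonts.
    return host.replace("rn", "m").replace("vv", "w").translate(CONFUSABLES)


def inspect_url(url: str, expected_domain: str) -> list[str]:
    """Return the red flags found; an empty list means the host is the expected domain."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    flags = []
    if parts.scheme != "https":
        flags.append("not https")
    if host.startswith("xn--") or ".xn--" in host:
        flags.append("punycode (IDN) hostname")
    if "@" in parts.netloc:
        flags.append("userinfo before host (hides real host)")
    # The expected domain itself, or a true subdomain of it, is fine.
    if host == expected_domain or host.endswith("." + expected_domain):
        return flags
    if expected_domain in host:
        # e.g. merchant.example.billing-update.test: the real domain is the tail.
        flags.append("expected domain appears only as a prefix/subdomain of another domain")
    elif normalize_host(host).endswith(normalize_host(expected_domain)):
        # Same name once confusable characters are folded: typosquat/homoglyph.
        flags.append("look-alike host (confusable characters)")
    else:
        flags.append("different domain: " + host)
    return flags


if __name__ == "__main__":
    for sample in ("https://pay.merchant.example/update",
                   "https://rnerchant.example/pay",
                   "https://merchant.example.billing-update.test/pay",
                   "http://checkout.processor.example/update"):
        print(sample, "->", inspect_url(sample, "merchant.example") or "ok")
```

A legitimate third-party processor still shows up as "different domain", which is the point: the customer has to know in advance which host to expect, and a shortened link gives them no way to do that.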

        • AernaLingus [any]@hexbear.net · 7 upvotes · 9 months ago

          Same! I use SecScanQR—free and open source, does exactly what I need it to and nothing more. One thing not made obvious by its interface is that you can use the Android share function to scan from an existing image as well, which is handy for when you come across one on the net.