Mobile phone users are being increasingly directed to WEB sites through the identification of the WEB address from a two-dimensional code on the phone. However, incidents where mobile phones direct users to malicious WEB sites are also increasing. The direct lead mechanism, in which mobile phones directly send users to an uninspected WEB address, is the most common mechanism by which users are misdirected to fraudulent WEB sites. To address this issue, a registration server for inspecting WEB addresses and storing the corresponding registration IDs in the two-dimensional code format was established. Subsequently, the reliability of directing users to WEB sites only after verifying the registration ID of the target WEB address was examined. However, this approach was susceptible to phishing and camouflage when malicious software was used to rewrite the registration ID and the relationship of the WEB address on the registration server. Therefore, an approach that uses two-dimensional codes with a secret encrypted component was proposed.