QR (quick response) codes are two-dimensional barcode images that are readable by a smartphone with a camera or a mobile device using visual scanning technology. They are intended to make your life easier, by allowing you to point or tap on the encoded image that will link you to a specific web page, as opposed to typing in a long string of characters.
They are usually presented as small squares that are included on many print or digital advertisements—on menus, billboards, television ads, business cards, flyers, posters and more.
Once you click on one with your phone app, it will directly take you to the merchant’s website, containing more information on a particular subject, product, service or promotion. Because QR codes entice more people into visiting a website or a piece of content, marketers have made them more common. They’re used to easily access websites, videos, text, maps, pictures, contact information, and more.
The many benefits of using QR codes
- QR codes rose in popularity during the pandemic, as a way for people to reduce contact
- They’re a quick, convenient and error-free way to get more information
- They are more informative, providing almost limitless information compared to a limited-space print ad
- They add rich content, such as a video or scalable map
- They’re interactive—allowing you to participate in things like contests, provide survey feedback, or make a purchase straight from the ad or flyer
- They provide an easier way to save data—such as directly saving contacts onto your smartphone
Things to watch out for
While the codes are convenient, many people have stopped thinking about how they work. Their ubiquitous nature has created an almost reflexive scanning on first sight by users.
Unfortunately, the useful qualities that make QR codes popular with users have also drawn the attention of cyber criminals.
Therefore, the FBI warns that you need to exercise the same caution you would if you were opening an email, text or surfing the internet. In these instances, the QR code hides malicious links that attempt to steal victim data, embed malware to gain access to the victim’s device, and redirect payment for cybercriminal use.
Scanning a QR code could automatically load a web page or start a phone call to a predefined number. It could also transmit your personal contact details such as a phone number, address and mailing information. If the data is malicious, it could place a rogue entry in your phone for your credit card information or other financial information.
Email—just like links embedded in emails, be wary of any QR codes in a questionable email. Once you click, it will bring you to (hopefully) a legitimate site.
Wi-Fi Networks—QR codes can store Wi-Fi credentials for a quick and easy connection, but it’s not a good idea to introduce an unknown and/or possibly unsecured network to your preferred list.
Location Coordinates—don’t share this information with others. Why does Starbucks or any other retailer need to know where you are?
Social Media Profile—scanning a code for Instagram or Twitter initiates a “follow” for these sites. The account being followed may have access to your personal information.
QR codes on a wall, building, computer screen or even a business card should be avoided if possible. A scammer could easily paste a malicious code on top of a real one and create their own copies on a menu or flyer, for example.
Tips to protect yourself
The FBI provides some best practices when using QR codes:
- Once you scan a QR code, check the URL to make sure it is the intended site and looks authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
- Practice caution when entering login, personal, or financial information from a site navigated to from a QR code.
- If scanning a physical QR code, ensure the code has not been tampered with, such as with a sticker placed on top of the original code.
- Do not download an app from a QR code. Use your phone’s app store for a safer download.
- If you receive an email stating a payment failed from a company you recently made a purchase with and the company states you can only complete the payment through a QR code, call the company to verify. Locate the company’s phone number through a trusted site rather than a number provided in the email.
- Do not download a QR code scanner app. This increases your risk of downloading malware onto your device. Most phones have a built-in scanner through the camera app.
- If you receive a QR code that you believe to be from someone you know, reach out to them through a known number or address to verify that the code is from them.
- Avoid making payments through a site navigated to from a QR code. Instead, manually enter a known and trusted URL to complete the payment.
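The payload types listed under "Things to watch out for" and the URL check in the first tip, as an added example (not from the original article or the FBI guidance): a Python sketch that classifies an already-decoded QR payload string and flags look-alike hosts before anything is opened. The trusted host `coffee-shop.example`, the function names and the sample payloads are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts the user actually means to visit (constructed for this example).
TRUSTED_HOSTS = {"coffee-shop.example"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot typo or misplaced-letter domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(text, trusted):
    """Return a warning string for a URL payload, or None if it looks as intended."""
    parts = urlsplit(text)
    host = (parts.hostname or "").lower()
    host = host[4:] if host.startswith("www.") else host
    if "@" in parts.netloc:
        return f"text before '@' is not the site; real host is {host}"
    if host in trusted:
        return None if parts.scheme.lower() == "https" else "trusted host but not HTTPS"
    for good in sorted(trusted):
        if edit_distance(host, good) <= 2:
            return f"{host} looks like {good} but is a different domain"
    return f"unrecognised host {host}"

def triage(payload, trusted=TRUSTED_HOSTS):
    """Classify a decoded QR payload as (action, warning) before acting on it."""
    text = payload.strip()
    lower = text.lower()
    if lower.startswith("wifi:"):
        return ("join-wifi", "would add a network to the saved list")
    if lower.startswith(("tel:", "sms:", "smsto:")):
        return ("call-or-text", "would contact a predefined number")
    if lower.startswith("geo:"):
        return ("location", "opens map coordinates")
    if lower.startswith(("begin:vcard", "mecard:")):
        return ("contact", "would save an entry to the address book")
    if lower.startswith(("http://", "https://")):
        return ("url", check_url(text, trusted))
    return ("text", "no recognised action")

if __name__ == "__main__":
    for sample in ["https://cofee-shop.example/menu",          # constructed samples
                   "https://coffee-shop.example@login.test/pay",
                   "WIFI:T:WPA;S:FreeCafe;P:pass1234;;"]:
        print(sample, "->", triage(sample))
```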
Resources: Security Awareness, Forbes, the Washington Post, Reader’s Digest, The Federal Bureau of Investigation