Data Privacy and Security, October 2022

Stop before you Scan: QR Codes and Cybersecurity

Written by Alex Magid, Information Privacy and Compliance Analyst

You see them on hallway walls, in emails, and in place of traditional restaurant menus. Quick Response Codes, commonly referred to as QR Codes, are machine-scannable images that can be read using a Smartphone camera. Every QR code consists of a number of squares and dots which represent certain pieces of information. When your Smartphone scans this code, it translates that information into something that can be easily understood by humans – often a link to a website.

QR codes surged in popularity during the pandemic because consumers found them easy to use and businesses did not have to worry about contact contamination. QR codes are a great tool for saving space, and quickly directing people to information… and hackers know this!

Users should think about QR codes the same way we think about other phishing tactics like email scamming and social engineering. While most codes are safe, some QR codes can contain links maliciously embedded with malware so that cybercriminals can easily obtain your data such as credit card information or social security number.

How to spot authentic QR Codes

Always check the URL on the notification before clicking to be redirected. If the URL does not look like a trusted source or differs from the known company’s URL, exit out of your browser.

Attackers and pranksters have printed counterfeit QR code stickers and put them on top of existing QR codes, a common tactic that occurs in restaurants on menus, and on shared bulletin boards. So before scanning, take a quick look to see if the QR code looks out of place or seems to be a sticker when it shouldn’t be.

Users should always avoid downloading an app from a QR code and instead once learning the name of the app use their respective app stores for a safer download. Finally, if you scan a QR code, and it prompts you to download a “QR reader,” it is likely a trick used by scammers.

Have Questions?

If you have questions about how to stay safe while using QR codes, please contact the Help Desk at (helpdesk@clarku.edu, 508-793-7745)