Could you spot a fake QR code?

This past year, QR codes have proven to be one of the most popular methods of zero contact interaction. However, like shaking hands, QR codes might give you more than you bargained for thanks to a growing sector of scammers who are taking advantage of the systems unique combination of speed and ease.

The main threat is when you scan a QR Code, it could have a malicious URL in it that takes you to a site with malware (short for malicious software) that can be installed on your mobile device without realizing.

71% of respondents cannot distinguish between a legitimate and malicious QR code and nearly 17% have had a QR code misdirect their mobile device to a suspicious site. (MobileIron)

What can we do about this growing cyber threat?

For Individuals:

Make sure that you have the QR code review enabled on your scanning app. This will allow you to see what the code is attempting to do before actually doing it. If your scanning app does not have a review mode, don’t use it and find one that does. Pay attention to the preview of the QR code and if it seems fishy don’t trust it. There is usually an opportunity to see the URL that the QR code is attempting to take you to. Pay attention to the address and don’t trust strange addresses.

Inspect the QR code to make sure that it’s not a sticker. Before scanning a code, feel it to ensure that it is not a sticker on top of another code. If you find this, report it to the owner of the business where you found it.

For Businesses:

Marketing and HR departments must be included in a businesses cyber strategy. It is important to recognize that cybersecurity is not just the realm of your IT department. To be better protected, businesses have to look at cybersecurity holistically to ensure that their processes, clients and customers are protected. This means all departments need to understand cyber fundamentals.

If your business uses QR codes, have your staff check your posters to ensure that no one has replaced your QR code with a sticker of a malicious QR code. Consider putting posters or codes behind or under glass table tops so they are less accessible, and it’s easy to spot malicious QR code stickers. 

You should not use QR codes to prompt credentials (ie. asking for a username or password). They should only be used for website reference and promotions only, nothing that you need to input data into.

Cybersecurity is a community problem with community solutions. Working together, including and training all your business teams, your partners and suppliers is an effective means of protecting your assets, data and clients.