QR Code Security: To scan or not to scan

QR Code Security: To scan or not to scan

QR codes are more popular than ever. This is especially true in the food service and entertainment industries given efforts to decrease contact touch points during the pandemicThey’ve replaced menus in restaurants and promotional materials. You’ll find them on posters, brochures, and postcards in the mail. I just scanned one at church last week to fill out a survey. Like I said, they’re everywhere, and people are using them. A 2020 MobileIron study reports that 72% of the people they surveyed had scanned a code in the last month.  

These codes make life easier for consumers and businesses, but that convenience is not without risk. Bad actors can exploit security gaps in this technology by embedding malware in a QR code. That malware can exfiltrate data from your phone or send you to a phishing site. These sites encourage users to share their personal data and credentials. 

Unlike a phishing email that recipients can examine for suspicious sender emails and domains, QR codes are unreadable to peopleIndividuals can’t tell who created the code or where it’s sending them before they scan it. However, many people don’t think twice before scanning QR codes with a mobile device which is the least secure of all the devices they use. That same MobileIron study suggests that 48% of the participants had concerns about QR code security, but they used them anyway.  

Woman using smartphone for qr code payment mobile banking on application wallet.

It’s unlikely you can avoid using QR codes altogether, but you can reduce the risk of being scammed. Here are some QR Code security tips:

Examine the code: Never scan a QR code that’s printed on a sticker and placed on something or over another QR code. If it looks like it’s been changed or altered, don’t scan it.  

Examine the source: Typically, QR codes are associated with a business and printed on legitimate promotional material. If you’re not sure it’s reputable source, check it out first.  

Use a QR reader security app. There are apps that will check the security of each QR code you scan with it and alert you when it encounters a questionable link. For example: Kaspersky QR Scanner was created by cybersecurity experts. 

Never log into an app using a QR code.  

Employ device security measures on your phone to protect you from malware, viruses, and spyware. 

As always, we encourage you to be vigilant and stay safe in the cyber world.