QR Code Can Be Malicious

 QR is short for Quick Response. QR Codes were invented in Japan in the mid 90s, well before the ubiquity of smart phones, to help track parts in a vehicle parts manufacturing plant. They can store 300 times more data than a barcode. Typically they are a square shaped image comprising different arrangements of black and white pixels, although they can be customised with colours and logos too.

What is the Potential for Harm? 

QR Codes, like many things, can be used for good or evil. It’s also important to note that QR Codes can be designed to be dynamic, meaning the data stored in them can be edited later. The code itself simply stores the data as instructed by the person creating it, and this data can be malicious. Meaning that by scanning the code you could find yourself: inadvertently on a malicious website or viewing inappropriate or unexpected content led to a phishing site that may look legitimate but is attempting to trick you into entering sensitive information, such as login credentials unknowingly downloading an application with malware, such as a virus or ransomware, on to your device. 

What Can You Do to Protect Yourself?

 So, what can you do to reduce your risk when it comes to QR Codes created with ill-intent? As with advice when it comes to clicking on links or downloading attachments in emails or text messages the same goes for QR Codes — exercise caution! 

•  If in doubt think twice about scanning and avoid scanning purely for curiosity’s sake, some criminals rely on this human trait.

• If using the smart phone camera, read the notification before confirming the click through. The notification should tell you the URL of the website it’s going to.

• If you’re checking in for contact tracing use the scanner in the app instead of your camera. If it’s not the correct code it should come up with an error message. 
•  If the scan takes you to a site to enter sensitive personal information, passwords, or payment details make sure you verify the link is legitimate before entering anything.

Remember: Think before you click, scan, or share anything online. If in doubt trust your instincts and stop interacting. Cyber security is everyone’s responsibility in the workplace and at home. We all need to exercise caution and due diligence when interacting online