QR codes, those square barcodes that can be scanned with a smartphone camera, have become increasingly popular in recent years. With the onset of the pandemic, QR codes saw a surge in use, as they offered a touchless way for people to access information and conduct activities. According to Insider Intelligence, “the number of US smartphone users scanning a QR code is expected to increase from 83.4 million in 2022 to 99.5 million in 2025.” (Info Security Magazine, 2023)
Unfortunately, threat actors have also taken notice of the popularity of QR codes and have begun to use them in cyber-attacks. These attacks typically involve hijacking normally safe QR codes and redirecting the unsuspecting user to a phishing website that can steal sensitive personal information or install malware on their device.
QR code attacks are successful because it’s nearly impossible for users to tell whether the scannable image will take them to the correct website. While Android and Apple phones will alert the user as to which external link they are about to access, crafty threat actors can use techniques to disguise the domain, such as recreating a restaurant’s menu with new malicious QR codes and reintroducing it into circulation without the business’s knowledge.
Because most QR codes do not indicate the domain they are expected to direct the user to, it can be difficult to know if you are going to the right place. It is therefore important to train employees about the dangers of QR codes. Infections on their devices could impact business operations, especially if your employees use their own devices to log in to work accounts.
To protect yourself, check the web address after scanning a QR code, be careful about entering personal or financial information, and do not download apps from QR codes. Everyone who uses QR codes should take these precautions to protect both themselves and their business.
Are you looking to get training for your company, employees, or yourself? Fixed Fee I.T. offers personal training dedicated to helping your company better protect your clients and your business against threat actors. Contact us to learn more!