When QR codes first appeared in the nineties, they seemed like a great idea - a quick way to access information without much effort. Fast forward to today and you see QR codes everywhere: plastered on ads, magazines, billboards, and even on business cards. QR codes are (quick response) barcodes for mobile devices. QR codes offer businesses a way to get their audience to act quickly and effortlessly. These codes have become a popular way for brands to engage with their customers and potential customers in new ways.
With any new technology comes questions about the privacy and security of using it, and the same is true for QR codes and their safety, with the main concern being the possibility of cyber criminals using QR codes as a tactic to install malware on devices or to gain access to private, personal and financial information. Here, you will find information on the best practices when it comes to QR code safety, both for when scanning QR codes and using them for your business.
But first, are QR codes safe? In short, yes. QR’s themselves are safe as they don’t have any intrinsic security risks. However, other elements involved in the use of QR codes, such as mobile devices do. Although unlikely, there are several ways that cybercriminals can utilise QR codes to access private data. As such, it’s important to be aware that mobile devices are still at risk when they scan a QR code and there are several ways attackers can use QR codes as a ploy.
Read more here: Increasing cybercrime threats daily mean no one is immune
The most common way that scammers and hackers use QR codes is by creating fake ones. These fake QR codes contain links to websites that will automatically download malware onto your device without you even knowing it. This is called "malvertising," a type of advertising that uses malicious software to attack computers and mobile devices.
Another way scammers and hackers use QR codes are by creating them for legitimate businesses or organisations and then directing users to websites that hackers have altered. For example, one might be directed to a website that looks like a legitimate company when it’s not. There might be a one-letter difference in the website URL that one wouldn’t easily notice. These sites will try to trick users into giving up their personal information, signing up for services, or buying products from them - all without the business's knowledge or permission!
Whether you’re a business wanting to use QR codes to engage with your customers or whether you’re a customer using a company’s QR code to access information or buy products, being aware of the above is the first step when it comes to QR code safety, followed by the best practices mentioned below.
Here’s how you can keep your business or yourself safe when using QR codes.
Best practices when using QR codes for your business:
- Don't use them instead of regular text, or as a sole means of communication. Use them only when there's something important you want to tell your customers.
- Only include links that you trust and know are safe.
- Limit the amount of information you include in QR codes. You don't want to give away too much information about your company or employees. Include only the most essential data, like the address and phone number of your office or store location, so people can easily find you if they need help or have questions about their order.
- Use a secure connection when sharing sensitive information with customers via a QR code. For example, if you're sending someone an invoice via email with a QR code attached, make sure that the email is encrypted with TLS (Transport Layer Security) or SSL (Secure Sockets Layer).
Best practices when scanning QR codes as a consumer:
- Be aware of your surroundings. If you scan a QR code in public, pay attention to who else is nearby. Scanning a QR code could lead to you downloading malware or opening up your device to hackers — so don't let yourself get distracted by social media or other apps while scanning.
- Use antivirus software and firewall protection on your phone. Antivirus software can help protect your phone against viruses and other forms of malware that can come from scanning QR codes. Firewall protection will keep hackers out of your device when you're connected to the internet through Wi-Fi or cellular data networks. Both types of software should be installed on all devices used in public places like airports and cafes where there are many people using public Wi-Fi hotspots.
- Don’t scan a QR code that looks like it’s been printed on a piece of paper or cardboard or one that has been written out by hand. If you are unsure whether the QR code is real or fake, don’t scan it. Also, be careful when scanning codes found on vehicles, especially if they have been defaced in some way.
- Before scanning any QR code, make sure you know where it came from and who created it. If possible, ask someone about its origin to determine if it is safe to scan.
- Always scan from a secure connection, but if you are scanning from an insecure connection (such as public Wi-Fi), do not enter any personal information into the app or web page that pops up after scanning the code! This includes usernames and passwords. If a website asks for personal information (like credit card numbers) before offering any content or services in exchange, this is likely a phishing scam and should not be entered into your device!
QR codes are an amazing technology and a convenient way to share or access information and links. While QR codes themselves are safe, they can still be risky due to other devices and parties involved. Whether you’re a business wanting to use QR codes to engage with your customers or a customer using a company’s QR code, being aware of the risks involved and following the best practices above will steer you away from being caught out.