When you think of cybercrime, you probably focus on threats that invade your space while you’re actively online.
But QR codes—and the smartphones that scan them—make it easy for bad guys to invade your privacy from objects in your offline, real-life world.
Posters, flyers, and stickers with QR codes are all potential vectors for a cyberattack. Scanning one with your phone and following the link could land you on a malicious website where your identity could be further compromised.
To cite one recent example, posters advertising a concert by a popular DJ were plastered all over downtown Seattle. Interested (but gullible) fans scanned the QR code for information and were taken to a website where a clicker told them there were only 41 tickets left. Every few moments that number would decrease by a few, to ramp up the urgency until—bingo!—the customer entered their credit card information. You know the rest of the story.
The takeaways:
- Don’t scan QR codes unless you know and trust the source.
- Be careful of stickers placed over existing legitimate QR codes.
- Check the address of whatever website a QR code wants to redirect you to, and make sure it’s legit. If it seems sketchy, it’s probably worse than sketchy.
Let us know if you want to discuss improving your organization’s cyber hygiene.
