QR Codes: Check Before You Snap

Over the past few years, the use of QR codes has increased significantly, driven by contactless practices. Honestly, I remember QR codes from a long time ago as a fun, quick way to use a dedicated app to scan a code and be sent to whatever link it held. Now, in 2022, you can use your phone's camera to scan any QR code for everyday purposes (see the examples below).

Scan A QR Code Examples

  • Open a restaurant menu
  • View event information
  • View an advertisement
  • Promotional campaign
  • Fast check out at a store
  • Access product directions

One day I was at a restaurant and thought, wow, everyone is forced to use a QR code to view the menu. Now, this is 100% very convenient and definitely an innovative practice in the food services industry. However, all, and I mean all, customers scan the codes with their phones, trusting that the code is legitimate.

But what if it wasn’t?

Scanning any QR code is the same idea as clicking a suspicious link in a phishing email. All a person has to do is place rogue QR codes on tables, handouts, advertisements, etc., and you have a high risk of a cybersecurity incident.

We live in a world where cybersecurity practices are an essential human skill. There are a variety of practices everyone should be cognizant of, including an understanding of social engineering and ways to combat it. In the world of QR codes, I started using the app Sophos Intercept X for Mobile (Apple, Google Play). There are several capabilities within this app for mobile protection; the one feature I really like is the Secure QR Code Scanner. Essentially, when you scan a QR code with this app, it gives you a synopsis of where the link goes and whether it is secure.

Example: Your Camera App Scanning a QR Code

Example: Sophos App Scanning a QR Code

Clearly, there are some distinct differences between scanning a QR code with your phone's camera and with a security app such as Sophos. The big takeaway is that social engineering comes in many forms, and it is in your best interest to update your QR scanning practices to ensure your security.
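
The habit this post recommends, looking at where a QR code points before opening it, can be sketched in a few lines. This is an added example, not part of the original post and not the Sophos app's logic: a Python function that takes the text already decoded from a QR code and lists properties worth a second look. The function name, the shortener list and the sample payloads are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a short illustrative list of link shorteners, not exhaustive.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


def preview_qr_payload(payload: str) -> dict:
    """Summarise text already decoded from a QR code, without opening it."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return {"kind": "unparseable", "host": None, "flags": ["malformed URL"]}
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # QR codes can also carry tel:, sms:, mailto:, WIFI: or plain text.
        return {"kind": "non-web", "host": None,
                "flags": [f"not a web link (scheme: {scheme or 'none'})"]}
    host = (parts.hostname or "").lower()
    flags = []
    if scheme == "http":
        flags.append("unencrypted http")
    if not host:
        flags.append("no host in URL")
    if parts.username or parts.password:
        flags.append("text before '@' can disguise the real host")
    try:
        ipaddress.ip_address(host)
        flags.append("raw IP address instead of a domain name")
    except ValueError:
        pass  # not an IP literal, which is the normal case
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        flags.append("internationalised host, check for look-alike characters")
    if host in SHORTENERS:
        flags.append("shortened link hides the final destination")
    return {"kind": "web", "host": host, "flags": flags}


if __name__ == "__main__":
    # Constructed sample payloads, as a QR decoder would hand them over.
    for sample in ("https://menu.example.com/table/12",
                   "http://menu.example.com@203.0.113.7/login",
                   "https://bit.ly/abc123",
                   "WIFI:S:Cafe;T:WPA;P:example;;"):
        print(sample, "->", preview_qr_payload(sample))
```

An empty `flags` list only means none of these structural checks fired; it says nothing about the reputation of the site itself.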