Beware of QR codes: Those ubiquitous patterns of cyber dots could be sending you to a world of trouble, a tech expert has warned.
Phone users should always make they are using a QR code — which stands for “Quick Response” code — from a trusted source before aiming their cameras at them, as they are more highly susceptible to cyber criminals than most people realize, according Len Noe of CyberArk.
“When you sit down at a restaurant and see a QR code on the table, chances are you’ll scan it without a second thought, expecting it to take you to the menu,” says Noe.
“But what if that same QR code was embedded in an email coming from someone you don’t know? Would you be as quick to scan it — or would it give you pause?”
Noe pointed to the infamous 2022 Super Bowl Coinbase commercial that featured a minutelong multi-colored QR code that bounced around the screen.
According to Noe, the code had 20 million hits.
The cyber blogger also said that people should be extra careful when scanning QR codes that are just stickers.
Noe said that everyone should stop and ask themselves “What’s stopping a threat actor from just putting a malicious QR code sticker on top of this one?”
According to his blog, Noe detailed seven ways to prevent hackers from messing with your personal info via a QR code.
The seven steps are:
- Don’t scan it
- Slow down
- Inspect QR code URLs closely
- Look for signs of physical tampering
- Never download apps from QR codes
- Don’t make electronic payments via QR codes
- Turn on multi-factor authentication (MFA)
Noe also gave examples of some ways that hacker can use QR codes to get your data, including a realistic looking ad for a job fair with a code that sends people to a form to fill out, a form where all the data could go to hackers.
He also warned of phishing attacks that could include QR codes, such as bogus ads with the codes in emails.