QR code and mobile phone scanning graphic.
QR code and mobile phone scanning graphic.

What are QR Codes?

Because it’s easier to show you, this is a QR code:

Website QR Code

(Don’t worry, this one just takes you to our homepage!)

They are essentially a type of barcode that can be read by scanners and mobile phone cameras. They can be used for a variety of things, such as sharing information, linking you to websites or being used to identify items.

So, what’s the problem with them?

The use of QR codes has risen in recent years – mostly thanks to the COVID-19 Pandemic. Restaurants in particular found QR codes useful to replace paper menus with digital ones.

The problem? When technology like this starts becoming popular, cyber criminals will exploit it.

Introducing ‘Quishing’

Yes, it even has its own name. Quishing is QR phishing.

Take a moment to think about all the places you have seen QR codes recently. Business leaflets, restaurant tables, event posters, even television ads. Whilst convenient, putting these QR codes out so publicly means they can be easily exploited.

 So, let’s look at some examples. First up, offline.

We’ve already mentioned how QR codes are everywhere now. What’s to stop someone sticking their own QR code on top of one on a flyer, or on a restaurant table? What’s to stop them creating a flyer pretending to be your organisation? The QR code would then redirect you to a fake page to capture your details, steal money, or trick you into installing something dangerous.

Digitally? QR codes have been used in emails to verify accounts, or on websites to encourage things like app downloads or event registrations. Phishing emails already exist, replica websites with malicious content already exist. Replicate and swap the QR code and they’ve got you.

And the reason why Quishing is so popular? Because you use your mobile phone, which is likely to have less protection than your laptop or PC.

What can you do now?

Well, unfortunately the simplest thing to do is not scan QR codes. If you can verify the source of the QR code, for example, on a business card from someone you know and trust, then it’s likely you’ll have no problem. But in the street? On an email? Avoid them at all costs.

Here are some example solutions:

If you see a flyer for an event you’re interested in, open your browser and search for the event. Don’t scan the QR code.

If you’re asked to scan a QR code to download an app, go to your app store and search for the app. Don’t scan the QR code.

If you get an email saying you need to verify information by scanning a QR code, contact the company directly to confirm it is legitimate. Don’t scan the QR code.

Remember, a zero trust approach is key to avoiding these scams.

 

Fun fact: the QR stands for quick response.

Latest Guides

Microsoft 365 Monthly Feature Update. Microsoft Logo.
Microsoft 365 Monthly Feature Update
Check out our top three Microsoft 365 feature releases each month.
Microsoft End of Life Updates with Microsoft Logo
Microsoft: End of Life Updates
Updates on Microsoft products and services that will no longer be supported.
How to Add Pronouns in Microsoft 365
Learn how to enable and add pronouns to your Microsoft 365 profile card.