The QR quandary: to scan or not to scan?

There’s no question that QR codes are a big part of our lives today. The website Persuasion-Nation cites some interesting statistic about the prevalence of QR codes in our daily lives. The number of consumers in the U.S. who scan QR codes with their smart phones, for example, is projected to have increased by 16 million over a three year period up to 2025, and 84% of all mobile users have scanned at least one QR code.

What is a QR Code?

Before going further, let’s define what a QR code is. QR is an acronym for “Quick Response.” QR codes made their debut in the 1990s as an upgrade to bar codes (remember them?). When COVID-19 changed our business landscape so significantly, QR codes became exponentially more popular as people isolated and were unable to travel about to conduct their commerce in the usual ways. The QR code was hailed as a significant improvement over the bar code in that it can store both vertically and horizontally or, in other words, it can hold much more data.

When you access a QR code, it’s typically for a website link, although these QR codes can also store images and text. Point your phone, take a picture, and it leads you right into a website. Take the QR code pictured above, for instance. If you scan it, you'll be directed to our "Tech Questions" form, which allows you to ask our tech experts questions that will be answered on our social media platforms! (Go ahead, submit a question!)

Are QR Codes Safe?

But…are QR codes immune to cyber criminals?

Unfortunately, they are not. QR users offer opportunity for cyber criminals by the sheer volume of people who rely upon these codes.

The same Persuasion-Nation report estimates that the QR code labels market will reach $2.1 billion by 2027. In 2022, the U.S. generated more than 200,000 QR codes, and by the end of 2024, 89.5 million Americans will read QR codes with their smart phones. Large brands, such as IKEA, Starbucks, General Motors, Walmart and Nike use QR codes extensively.

This is also a time when we are hearing some daunting statistics about cyber crime, so it’s important to use these codes with caution.

USA Facts reports that in 2022, 800,944 cyber-crimes were reported in the US. But while the total number of reported cyber-attacks was lower than in 2021, financial losses rose nearly 50%, from $6.9 to $10.3 billion. And Forbes reported that the year 2023 saw a notable increase in cyberattacks, resulting in more than 343 million victims. Between 2021 and 2023, data breaches rose by 72%, surpassing the previous record.

Technology Magazine reports an increase in sophisticated phishing attacks, including QR phishing (sometimes called quishing). Mobile devices may not be as secure as traditional networks and therefore can be fertile hunting grounds for cyber criminals.

A fraudulent QR code might redirect a payment through a convincing-looking third-party website, and hackers can capture credit or debit card information. Quishing attacks can take many forms, including:

• Embedding malicious QR codes in emails, which might appear to come from Human Resources and offer a link to a new benefits portal
• Embedding QR codes in social media posts, including Facebook and Instagram
• Embedding QR codes in printed materials
• Placing QR codes in physical locations like restaurants, medical offices, or bus stops. If you see a QR code taped to a telephone pole, for example, avoid it! 

Research shows that it is C-suite executives who are far more likely to receive QR code attacks than the average employee.

Protecting Against QR Code Cyber Crimes

With that said, there are many good reasons for using QR codes. They’re quick and they’re convenient. But it’s important to be vigilant and protect against malicious actors. Here are a few suggestions.

• Check the URL: After scanning a QR code, check the website address. Is it legitimate? Are there unfamiliar addresses, extra characters or a misspelled domain?
• AI may be making it more difficult to spot the work of malicious actors. Look very carefully! Artificial Intelligence (AI) has enabled the messages of cyber criminals to appear more grammatically correct and free of spelling errors. Carefully inspect the website address to make sure it matches the intended URL. Look for unfamiliar addresses, extra characters, or misspelled domains. 
• Use trusted sources – good advice in all areas of cyber protection
• Treat a QR code with the same level of suspicion that you would use in evaluating an email. Be suspicious.
• Be careful when it comes to downloading QR scanners for your Smartphone. Some are legitimate but some are not. When in doubt, check with an IT professional.

An additional concern with QR codes and websites is that each company may have different protocols when it comes to sharing information. If you access an automobile dealership website, you may receive information from auto body shops, tire shops, and car detailing companies. If that prospect is not to your liking, you can reduce intrusions by turning on your “private browsing mode” setting on your phone. Where possible, use browsers that are good about having anti-tracking features, including Safari and Firefox.

As with all matters of technology, be aware of the ongoing efforts of cyber criminals. When it comes to the security of your information, consider having a conversation with a Managed Services Provider to be sure that you are doing everything you can to protect your network and company against outside intrusions – whether that’s on site or offsite. For a no-obligation conversation, please give us a call or visit our website.