I made a QR Code for this page. Is that how you got here?
Ah, the QR Code – short for “Quick Response.” These were all the rage a few years back, and the pandemic made them highly operational again. There’s a business card service that’ll give someone your full contact info from a QR code. Handy! Restaurant menus. Presentations with the speaker’s details shown on a giant QR code on screen – you’ve probably seen those.
Here’s what we know, summarized from a few articles. Spolier alert: don’t scan QR codes. But, by all means, keep reading.
Kaspersky offers a nice history regarding the advent of the QR code: Key point in this article – QR codes can overlay, meaning a malicious one can be seen instead of the intended QR code.
There’s a bunch of detail in this article also about the different parts of the QR code.
eSecurity Planet states that the barcode-like QR codes are hackable (not the codes themselves, but the URL to which they point). Because all you see is the barcode, you – the QR code consumer – have no idea what URL lurks behind it. You can’t hover your mouse over a QR code gather more information without actually using the QR code. Remember that old game show “Let’s Make a Deal” (Google it if you don’t – it’s worth your time) – just what IS behind door number 3? It might be a tortoise when you were expecting a brand new car.
Techguard talks here about a Heinz QR code in 2015 that sent users to a URL that Heinz did not intend. This is a great resource for detailing the exact risks QR codes expose and also some suggestions.
In general, here are some QR code best practices:
- BEST: Don’t scan QR codes with mobile devices.
- BETTER: If you love QR codes and find them very helpful, make sure you use a program to do that’ll interrupt the immediate transfer of your device to the website – a scanner.
- GOOD: Live your life armed with this knowledge and then determine what to do in the future for each QR code you encounter.
Be a secure cybercitizen!