QR codes have become increasingly popular in recent years and are used in a variety of ways, from marketing to payments. Insider Intelligence reports US smartphone users scanning a QR code will increase from 83.4 million in 2022 to 99.5 million in 2025. While QR codes offer a convenient way to access information, they also present security risks.
QR codes are essentially a type of barcode that can be scanned with a smartphone or other device to access information. This information can include URLs, contact information, or even payment information. While this makes it easy to access information quickly, it also makes it easy for malicious actors to access your data.
Qishing is a form of phishing that uses QR codes to direct unsuspecting victims to malicious websites or trick them into downloading malware. According to recent Trustwave Spiderlabs research, qishing emails appear similar to phishing emails, with the main difference being the inclusion of a QR code. These emails often mimic messages from legitimate companies, such as Microsoft or DocuSign, and are designed to trick the victim into thinking their session has expired and they must authenticate again. When the victim scans the QR code, they are sent to a fake web page that requests account and credential information. Qishing presents fewer “red flags” for defenses to detect, as most email filters check message content to block suspicious URLs and QR codes require shorter HTML source code to embed a malicious link.
Another security risk associated with QR codes is malware. Malware is malicious software that can be installed on your device without your knowledge. Malware can be used to steal your personal information or to gain access to your device. Malware can be hidden in QR codes, so it’s important to be aware of this risk.
Finally, QR codes can also be used to track your location. This is because the code contains information about where it was scanned. This information can be used to track your movements and can be used for malicious purposes.
Fortunately, there are steps you can take to protect yourself from these security risks. The National Cybersecurity Center (NCC) encourages good cyber-hygiene so that if a malicious QR code is scanned, there is a reduced chance of it creating harm. Here’s what you can do:
While QR codes offer a convenient way to access information, it’s important to be aware of the potential security risks and take steps to protect yourself.