A QR (Quick Response) Code is becoming a target for cybercriminals. A QR code is a link that, when scanned with a smartphone, links to an electronic action. The scan can take the person to a website, download a file, open an app or add an event to a calendar. QR codes can be added to many different medium/products.
Cybercriminals create and use QR code links just like they use links in a phishing email. The link can take the user to a malicious website or could download malware onto a device.
Security programs should include a warning to employees to be wary of QR codes. Tips can include
- If the code is associated with an unknown or untrustworthy source, don't scan it.
- When scanning, use an app that provides a preview of the destination location.
- If the scanned url is unrelated to the name or if the website requires a login, close out of the browser.
Consider including QR code warnings as part of ongoing security training.