QR codes - Click and Protect

QR codes have become an increasingly common sight since the beginning of the pandemic—they are a useful ‘no physical contact’ method of doing almost anything:

Buying groceries
Checking in at locations
Ordering food at a restaurant
Making payments and using discount vouchers
Downloading apps
Providing additional information about an item, a location—potentially in a variety of languages too
Replacing hotel in-room magazines
Verification of documents such as tickets
Tracking products and packages…
And so on.

There are increasingly creative ways of using QR codes, and most provide a useful and efficient way of helping us complete our intended tasks.

However, they can also be misused.

In the same way that criminals use disguised links in emails to lead people to malicious sites, to steal their personal information or to cause them to download malware, QR codes can be used to steal your data, redirect your payments, or embed malware onto your devices.

Most QR codes are completely legitimate, and very useful. However, we should be careful about which QR codes we scan and what we do if we do scan one. It’s probably not a good idea to scan a random QR code on a sticker on your local postbox, or to automatically click through to the destination URL—you might not like where you end up.

Tips on protecting yourself from malicious QR codes

Earlier this year, the FBI issued an alert (Internet Crime Complaint Center (IC3) | Cybercriminals Tampering with QR Codes to Steal Victim Funds) with advice on how to protect yourself from malicious QR codes.

Don’t scan random QR codes from unknown sources.
Check the URL displayed before clicking on it. Most phones now have a built-in scanner in their camera app.
Be extra careful about entering any personal or financial information, or any passwords, into a website reached via a QR code.
If the QR code is physical, make sure it’s not been tampered with (for instance, with a sticker placed over the top of the original one).
Use your phone’s app store to locate an app, rather than go via a QR code.
Avoid making payments through a site reached via a QR code – instead, type in a known and trusted URL.
If you get an email stating that a payment failed and that you must complete the payment through a QR code, be suspicious. Contact the company direct, using information on their website rather than any information in the email.

Interested in more information? Sign up for our newsletter. Want help with your company’s cyber security? Contact the Click and Protect team on 0113 733 6230.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

QR codes: be careful of links in disguise

Tips on protecting yourself from malicious QR codes

You might also be interested in: