Understanding the pros and cons of using QR codes and how they impact IT security

Quick response codes or QR codes have become a regular part of our everyday lives—but are they safe? 

Most of us are used to scanning a QR code to read a restaurant menu or access a mobile app, but these codes can be manipulated to steal your information or target your community. That’s why it’s important to be cautious of both the codes you use and the ones you put out into the world. 

Using codes 

It’s important to be vigilant about the QR codes you scan with your device. Be mindful of any sites you access via a code that requests payment, credentials, or personal information. Scanning QR codes that you find out in the wild can put your device and your information at risk. Malicious actors can use them to trick you into giving away information or allowing device access.  

“QR Codes are quickly becoming the default way of providing a URL for many convenient and legitimate reasons. Unfortunately, like all other technologies, QR Codes are also used for malicious purposes,” said Wayne State University CISO and Senior Director of Information Security for Computing and Information Technology Garrett McManaway. “The good news is that the way to safe from this malicious activity is to use the steps we have already learned from phishing and other social engineering attacks, such as only scanning codes from trusted sources, verifying links are legitimate and looking out for other red flags. Remember if it is too good to be true, it probably is.” 

Only scan codes from trusted entities and in familiar spaces. Alternatively, look for an accompanying direct URL that you can type into your mobile web browser. 

Creating codes 

It is just as important to be mindful of the QR codes you create. While they are an easy way to lighten your workload or reach your intended audience, how you create them and share them is important. 

Always thoroughly research web services and apps before using them to generate a QR code. These codes can easily be manipulated and abused. For extra security, make sure you publish URLs with codes that you use so your users have multiple options and peace of mind interacting with you. 

National Cyber Security Awareness Month is every October and is a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. 

Back to listing