A QR code is a fast and convenient way to access a website, and businesses often use these codes on product packaging and promotional materials to guide consumers to product information and special offers.  However, malicious QR codes can be used to initiate an action that sends or costs money, install software in the background without the user’s permission, send texts and emails, pinpoint your location, collect personal information, and quietly install malware on your device.  Malicious QR codes are often indistinguishable from legitimate ones and should be scanned with caution.  Here are some tips on how to stay safe and maintain your privacy using QR codes.  


Verify Authenticity 

Legitimate printed QR codes can be covered with stickers.  You should inspect printed QR codes for signs of physical tampering and check for a sticker overlay before scanning.  Scan printed or digital codes provided by trusted resources only, but also keep in mind that cybercriminals are very clever when trying to spoof or manipulate legitimate technology.  Therefore, it is never a good idea to blindly trust QR codes.


Avoid Sharing Personal Information

When scanning a QR code, there is always a potential risk that you are being led to a malicious or phishing website designed to steal your sensitive personal and financial information.  You should avoid sharing personally identifiable information, login credentials, or payment data after scanning a QR code whenever possible.


Watch Out for Shortened Links

In general, it is a best practice to avoid shortened links from unknown sources.  URL shortening or redirecting has legitimate uses, but can also be used to disguise links to malicious websites.  You should take a moment to inspect the URL destination, and QR codes leading to a shortened link should be avoided.  For example, a shortened version of a URL may appear as instead of the full website address


Use Your Phone to Scan

Both iOS and Android smartphones and devices already contain an integrated QR code scanner.  It is a best practice to use your mobile phone’s camera to scan QR codes.  It is not recommended to download a separate QR code reader because these tools may be malicious.


Screen QR Codes for Security

There are tools available to check QR codes for you.  You may want to consider using a QR code screening app from a trusted antivirus scanner.  QR screening apps will check the URL destination, examine QR code behavior, and alert you to potentially malicious code.


Better Safe than Sorry  

If you are ever in doubt, you don’t have to scan a QR code.  You can go directly to the business website to view any information advertised with a QR code.

Published May 27, 2022