Broadcast: News items
Cyber Security matters – #5 Using QR codes and readers safely
Posted on behalf of: Better Sussex
Last updated: Friday, 14 June 2024
As part of our Cyber Security awareness campaign, we’re covering a new topic each month to help boost your knowledge and keep you and the University safe and secure.
This month we focus on QR codes and downloadable QR code readers and how to stay safe using them.
What is a QR code?
A QR code is a type of barcode that can be easily read by a digital device like your mobile phone. It stores information as a series of pixels which, when scanned, point you to an online destination like a website or a download link.
Most smartphones and some other devices come equipped with the technology to read QR codes built in, but where this is not the case, a wide selection of downloadable ‘reader’ apps are available from app stores to make your device QR code compatible.
Just some of a host of uses for QR codes include viewing menus at a restaurant, returning a package, quickly finding out more about a music or sport event or even asking questions at a University forum.
Why do I need to be careful with QR codes?
QR codes provide a quick, easy way to access the information you need on your mobile or digital device, so far so good right? Well yes, QR codes can be very useful, but it’s important to know that not all QR codes or downloadable readers are as safe to use as we might think.
Because it’s an easy task to create QR codes and point them to an online destination, cyber criminals often try to take advantage of the technology. A criminal may use a QR code to lead you to a fake webpage requesting personal information for example which may then end up for sale online.
Rogue QR codes can also be set up to download a malicious file to your device without your knowledge, harvesting your personal data for criminal purposes.
Downloadable QR code readers can also present risks, even when sourced from reputable suppliers. Some readers try to access location-based data from your phone or transmit the websites you’ve visited to their servers. Others use recommendations to fool you into signing up for services you don’t want and worse still, some can be set up to infect your device with malware.
Tip: It’s worth checking if your device needs a downloadable QR code reader at all as many will have the technology built in already.
What can I do to stay safe?
To be clear, not all QR codes are bad news. They can be extremely useful, we just need to remain vigilant when choosing to scan a code or when selecting a QR code reader.
Here are six things to look out for to make sure you can use QR codes and readers safely:
- Make sure a QR code you want to scan is presented by a reputable source (during a VC open forum for example).
- Look out for any signs the QR code may have been tampered with in some way, inspect it closely.
- Check the messaging and ‘call-to-action’ text surrounding the QR Code to ensure it's appropriate. Is there any accompanying information about the QR Code? A pixelated square in a random location without contextual details may be a red flag.
- Be wary of urgency in the messaging. If the message insists on immediate action, exercise caution.
- After scanning the code and before you enter any information, take a moment to check the URL matches the website you expected.
- Keep your mobile device security up to date and apply software updates regularly.
How to learn more
Each month to support these articles we’ll be releasing a matching bitesize training via Proofpoint, our online learning platform.
This month’s update will be in your inbox from Tuesday 18 June.