Here is an interesting article from the National Cyber Security Centre about whether you should trust public QR codes. Now we have had experience with this. One of our clients found that someone had stuck a new QR code over the one they displayed in their window. When I investigated, I found that the code went to the Facebook page for a local gig – nothing sinister. I did have an interesting conversation with the organisers…
QR Codes – what’s the real risk? – NCSC.GOV.UK
In public
To be honest, as the report says, this type of scam although real, is not widespread. Be vigilant when you scan the code – has a sticker been stuck over the legitimate code – and use your common sense as to where the QR code is located. If in doubt don’t use it.
In emails
QR codes in phishing emails – now known as quishing emails – can bypass the usual email security software so pose more of a problem. The best thing here is not to use a QR code in an email, unless you 100% certain that the sender of the email is someone you know. Again it is better to be safe than sorry.
Your takeaway
Is your team aware of the new attack vector of including QR codes in phishing emails? If not it is time for some training.
Cyber Security Awareness Training | Smart Thinking Solutions
The QR code above…
…is safe. Try it.
Clive Catton MSc (Cyber Security) – by-line and other articles