Careful! This could have potentially been a malicious website.
Read more to learn why you should be careful when scanning QR codes.
What are QR Codes?
QR codes, as you likely know if you found this article from scanning one, are two-dimensional barcodes that contain information encoded within black pixels arranged in a square grid on a white background.
Compared to a regular barcode, they can be read both horizontally and vertically, meaning that more data can be stored in them. They can also easily be scanned by your smartphone camera or a dedicated app.
QR codes are generally used to display text or re-direct you to a website, but they can also trigger many other actions such as directly downloading apps, adding contacts, composing emails, and more.
What risks could come from scanning a QR code?
Although generally known for opening harmless websites, if the QR code is malicious it might re-direct you to a website where malware is directly downloaded onto your device, or where the attacker attempts to gather your credentials through a phishing attempt, leading them to gain access to your personal or financial information.
The QR code could also act in more subtle ways, such as downloading an app, adding a preferred wifi network, or adding a phone contact without you realising, with the attackers then leveraging these in later phishing attacks.
How do I know if it is genuine or not?
This can be difficult, as there is no visual difference between a safe and non-safe QR code, and even sources you might think are genuine could have been infiltrated.
Criminals have been known to stick QR code stickers on top of existing QR codes that are known by you to be safe, such as restaurant menus. The links in the QR codes might re-direct you to a malicious website directly, infecting your device, or to one that impersonates the menu you are familiar with, whilst also gathering additional information about you through a log-in prompt.
Depending on your phone model, it might be possible to view the URL destination of the QR code before proceeding to the website. Otherwise, you can use a reputable QR code scanner app that provides security features that detects potentially harmful codes.
What do I do if I scanned a malicious QR code?
If you have scanned a malicious QR code on your work device, make sure to promptly report the incident to your company’s information security or cybersecurity team, who will help you from there. While you might worry about a negative response, the team would be glad to hear from sooner rather than later, as they would prefer to receive the information as soon as possible to address the issue and minimise any potential harm.