Think Before You Scan: QR Code Best Practices

During the biggest advertising spotlight of the year, there was an ad that left many people scratching their heads and opening their phone cameras. That ad was Coinbase’s QR code ad, in which a colorful QR code with no context bounced across the television screens of millions. Once scanned, the code directed people to Coinbase’s website to learn more about how to sell and buy bitcoin and cryptocurrency through the company.

QR codes have become a normal part of how we interact with products and services due to the pandemic. Their increased usage has created an opportunity for fraudsters to use them as another way to access your private information or install malware on your device. So, although some advertisers may be applauding Coinbase for its ad’s simplicity and results (Coinbase’s site crashed from so many people scanning the code), the ad also demonstrated how oftentimes with QR codes, people tend to scan before they think. Before you scan a QR code from any source, here are some important considerations to keep in mind.

Use a trusted application. Most smartphones have QR code readers installed as part of their camera’s functionality. If your phone doesn’t have this feature yet, be sure to do your research and install a QR code reader that has built-in security features, like checking links against known malicious sites or having a pop-up of the URL destination appear before taking you to a site. Read the user reviews to make a solid decision before installing the first tool that shows up in the app store.

Know the source. Never scan a QR code where you can’t confirm the code’s source. This concern was perfectly highlighted by Coinbase’s ad, as people scanned it, assuming it was safe, without knowing the source beforehand. It’s best practice to only scan codes from trusted sources, whether it’s on a poster in the street, a food menu, or an email. So the next time you see a random QR code bouncing on your TV screen, it’s best to let the brand show itself before scanning.

Keep a lookout for phishing. As noted above, fraudsters are now using QR codes to perform phishing attacks. A fraudster may replace a safe QR code from a poster or restaurant table with a tampered one that takes users to a fake version of the trusted site, prompting users to reveal their personal information which they collect and sell on the dark web. To avoid falling victim to a QR code phishing scheme, feel the QR code if it’s in-person to ensure it’s not a sticker or a cover-up. If you receive a QR code digitally, inspect the email to see if it’s from a trusted sender.

Update your software regularly. With cyberattacks on the rise now more than ever, it’s important to make sure your device is up to date. Many software patches include security features to help protect your private information and personal data, so keeping your phone on the most current software version is almost always a good idea. Also, consider downloading an antivirus program to your device for an extra layer of protection.

Coinbase’s ad may have been far from the flashiest on the biggest night of the year for advertisers, but it made a point of illustrating the impulsive and curious nature of humans. Scanning the ad in this case, was perfectly safe, but that doesn’t mean it will always be. Like with any link or tool that routes you to an URL, it’s crucial to take a minute to think before taking action.

BerganKDV helps clients establish best security practices for their workplace so that they have the resources and protocols in place to protect their organization from fraudsters. Want to learn more about our security solutions? Let’s have a conversation!


Subscribe for More

CATEGORIES: Tech & Innovation
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments


Let us know a little about yourself! We’ll deliver timely news straight to your inbox.