Think Twice Before Scanning: QR Code Security Tips

During last year’s big game, there was a commercial of a lone, colorful QR code that bounced across viewers’ screens and left many people confused. That ad was Coinbase’s QR code ad, where once scanned, the code directed people to Coinbase’s website to learn more about how to sell and buy bitcoin and cryptocurrency through the company. Coinbase’s ad was so successful that its site crashed, and because of that many marketers predicted that next year’s big game would bring about even more QR codes in ads.

Well, they were right. Last night’s ad spots during the big game proved that QR codes are here to stay and are only growing in popularity. From prompting viewers to scan for a chance to earn an NFT, to scanning to view full movie trailers, there were numerous instances where viewers were being asked to pull out their phones and take action. Although all of the ads’ codes were secure, their sense of urgency to scan quickly before the ad wraps up encourages users to think before scanning, which creates risky security behaviors.

The increased popularity and usage of QR codes have created a new opportunity for fraudsters to use them as another way to access your private information or install malware on your device. Before you scan a QR code from any source, here are some important reminders to keep you and your device safe.

Use a trusted application. Most recent smartphones have QR Code readers installed as part of their camera functionality. If your phone doesn’t have this feature yet, be sure to do your research and install a QR code reader that has built-in security features, like checking links against known malicious sites or having a pop-up of the URL destination appear before taking you to a site. Read the user reviews to make a solid decision before installing the first tool that shows up in the app store.

Know the source. Never scan a QR code where you can’t confirm the source of the code. This concern was perfectly highlighted by Coinbase’s ad last year, as people scanned it, assuming it was safe, without knowing the source beforehand. It’s best practice to only scan codes from trusted sources, whether it’s on a poster in the street, a food menu or an email.

Keep a lookout for phishing. Fraudsters are now using QR codes to perform phishing attacks. A fraudster may replace a safe QR code from a poster or restaurant table with a tampered one that takes users to a fake version of the trusted site, prompting users to reveal their personal information which they collect and sell on the dark web. To avoid falling victim to a QR code phishing scheme, feel the QR code if it’s in person to ensure it’s not a sticker or a cover-up. If you receive a QR digitally, inspect the email to see if it’s from a trusted sender.

Update your software regularly. With cyberattacks on the rise more than ever, it’s important to make sure your device is up to date. Many software patches include security features to help protect your private information and personal data, so keeping your phone on the most current software version is almost always a good idea. Also, consider downloading an antivirus program to your device for an extra layer of protection.

This 2023 ad cycle for the big game proved that QR codes aren’t going away anytime soon. Scanning the codes within this year’s ads was perfectly safe, but that doesn’t mean it will always be. Like with any link or tool that routes you to an URL, it’s crucial to take a minute to think before taking action.

BerganKDV helps clients establish best security practices for their workplace so that they have the resources and protocols in place to protect their organization from fraudsters. Want to learn more about our security solutions? Let’s have a conversation!


Subscribe for More

CATEGORIES: Tech & Innovation
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments


Let us know a little about yourself! We’ll deliver timely news straight to your inbox.