QR Codes

Since the onset of the COVID-19 pandemic, QR codes have made an incredible comeback. Commonly appearing on restaurant menus, posters and advertisements in high traffic areas, they’re now a part of our daily lives as they provide an easy and convenient way to deliver content directly to your mobile device. 

While convenient, scanning a QR code from an unknown source increases the risk of compromising your device or sharing your personal information with hackers.

QR codes are an effective phishing method

Because of their versatility and prominence, hackers are increasingly using QR codes as a phishing tool. QR codes embedded in emails, websites or on printed materials obscure the source of the link you’re scanning, redirecting you to fake websites that aim to steal your personal information or tricking you into downloading malware.

QR codes can track your metadata

By scanning a QR code, you could be directed to a phishing website that hackers can use to track your online activity through cookies. Metadata commonly tracked through fake QR codes include:

Protect yourself from QR code risks

Scan QR codes via private browsing

If you do need to scan a QR code, always scan it while your mobile device’s browser is set to incognito mode so your metadata can’t be tracked. Learn how to switch to incognito mode on your mobile device’s browser (external link) .

Prevent automatic scanning of QR codes on your device

It’s also recommended that you turn on settings available through your mobile device’s operating system to prevent your device from automatically performing actions when you scan a QR code.

iOS devices

View instructions for disabling automatic QR code scanning on an iOS device (external link) .

Android devices

1. Unlock your device and navigate to Settings.
2. Select System Settings.
3. Select on Users & Devices.
4. Select Device Registration.
5. Unselect Display QR Code and Registration URL.
6. Once unselected, select Save.

Four tips for avoiding QR code phishing attacks