top of page
Search

QR codes: How convenience can lead to crisis

  • Writer: WCRC
    WCRC
  • Aug 13
  • 2 min read

They’re on food and drink packaging, restaurant menus and tabletops, clothing tags, car parks, business cards – yes, QR codes are everywhere. We’re being encouraged at every turn to use our smartphones to scan the rectangular series of black and white shapes so we can receive more information on a website, access promotional content or sign up for something.


It's supposed to be a convenient and interactive way to keep the experience going but this comes with risks and who knows this better than cybercriminals?


ree

The exploitation of QR code technology


Last year, Action Fraud reported that QR code scams known as QRishing – QR code phishing – had increased by 1,268% in five years. Simply looking at a code can’t determine what’s behind it which demonstrates why this is an effective vehicle for hackers.


Criminals are creating fake codes that redirect to malicious websites or activate unwanted downloads and malware so they can steal data, personal credentials and/or compromise the device. That moment of practicality can quickly lead to a full-blown cyber emergency.


Safer scanning for your small business


QR codes don’t have to be completely avoided but there are things SMEs can do to decrease the possibility of harm.


  1. Educating employees is everything: Security awareness training is the first step in helping your team recognise what the red flags are. If a code is in an unusual/unexpected location or from a untrusted source – exercise caution and don’t scan it. The WCRC offers bespoke, non-technical training sessions designed so people with limited cyber knowledge can become confident with the basics


  2. Use a QR code scanner with previews: QR code scanner apps that show a preview of the URL before opening it will verify whether the link is genuine and not a malicious site before proceeding.


  3. Checking your own business’ QR codes are secure: If your business has its own QR codes for marketing or operations, ensure they are generated through trusted and secure platforms only. Review and monitor the codes regularly to check they haven’t been tampered with and be sure to keep an eye on the websites they link to as well.


  4. Implement strong cyber security measures: Are your devices and networks have up-to-date security software that detects and blocks malware? If not, make this an urgent action. A robust cyber security strategy means reduced risk of infection from malicious links and downloads.


  5. Get in touch with us: QR code scams affect businesses in Tenby, Portmeirion, Caerphilly, Deeside and everywhere in between. The WCRC offers guidance on how to stay ahead of the dangers, so please contact us for further support on bettering the safety of your SME and team members.


Having awareness of the cyber concerns surrounding QR codes and implementing best practice measures, means you can use the technology safely and securely.

 

Comments

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect the most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Cyber Essentials partners if you need specific support. For specific questions please contact us at enquiries@wcrcentre.co.uk.

 

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document.  It is not responsible for the content of external internet sites that link to this site or which are linked from it.

USEFUL LINKS

Home

About Us
Contact Us

Annual Report 2024

Privacy Policy
Terms and Conditions

Contract Terms and Conditions
Legal Disclaimer

Wales Logo 4.png
  • Twitter
  • Facebook
  • Youtube
  • Linkedin
cyberessentials_certification mark_colour .png
chambers-wales-member-medium-con-2-1.png
cyberessentials_certification-mark-plus_colour.png
Banner Highly Commended.png
bottom of page