QR Code Scanning: Scan with Care
by Chelsea Camper | Last Updated May 11, 2017Unfortunately, as with most things related to the internet, security risks can be around every corner and QR codes are no exception. It happened to email and now, sadly, it’s happening to QR codes: Some QR codes being used for malicious purposes.
But! It’s not the QR code itself that’s the risk. It’s the link or application associated with the QR code. (Think of it like this: It’s not the car that’s the risk, it’s the driver behind the car.) QR codes are helpful marketing tools that can really put the star on top of the tree if done correctly…but their innocence is starting to become marred by malicious content.
Below is a list of several things you can do to help keep
your phone and information safe from malicious QR code links and a second list for marketers who use QR codes and how to keep your customers’ trust with them.
QR Code Scanning Safety Tips:
- Scan only trusted brands
- Check that permissions don’t seem fishy (ex. SMS messaging capabilities for a game app)
- Use a QR code scanner that shows you the url before it takes you there (ex. Barcode Scanner for Android)
- Use a QR code scanner with built in security (qr pal)
- Get an antivirus app
- Research apps before downloading (Check reviews, quick Google search, etc.)
- Be weary of forms from unknown companies
- Look for an explanation of why you’re scanning before you scan
Tips to Keep Your Audience at Ease When Scanning Your QR Codes:
- Tell them why they should scan and what will happen after they do
- Make sure your QR code landing page matches what you told your audience to expect after scanning
- Don’t use untrustworthy URL shorteners
- Use short URLs on your actual website to 301 redirect to longer URLs (ex. Instead of pcforms.com/diy-printing-tips-blog use pcforms.com/blog to redirect to the longer URL)
- Give your audience a text link of the URL they will be taken to
- Don’t request permissions for anything you don’t need for your app
- Build a trusting relationship with your audience
Examples of Untrustworthy QR Codes:
I would be hesitant to scan this QR code because of the lack of information. There’s no branding, nothing telling me where I’ll be going after I scan it, no reason to scan it, and the words “TRIAL OF A LIFETIME” don’t sound too appealing.
Again I’d be hesitant to scan this QR code since the branding is very limited. They have their company name in the top left hand corner and a link to their Facebook page typed out beside that. But there’s no more information. On top of that when you do scan the QR code you’re met with a shortened URL from a URL shortener I’ve never seen before. This QR code just links to their Facebook page, but it would have been nice of them to tell you where you were going and use a more trustworthy URL shortener!
Examples of Trustworthy QR Codes:
Even though there is nothing telling you what will happen after you scan this code it is branded well enough that I’d trust it. It’s presented in a public place, it’d be on all of their strawberry packages, and if there was something malicious going on with it there’d most likely be a lot of publicity on it since it is associated with a brand.
It obviously took this person some time to design his business card and have his logo inserted into the center of it. Most malicious QR codes won’t have the kind of design this QR code does. Plus since it’s on his business card and you have his contact information youd be able to track him down if the QR code did turn out to be bad news.
Takeaways:
- QR codes are not all bad news
- Use a QR code scanner that shows you the link before taking you to your destination
- Watch for fishy permissions when installing apps
- Scan Safe and be Smart!
