What’s your policy on scanning QR codes?
Since the pandemic, we’ve become used to using QR codes as a quick way to direct people to websites, log into online video services on smart TVs and TV boxes, or order and pay for goods and services. The National Cyber Security Centre (NCSC) is concerned that we may be leaving ourselves open to increased risk as a result, and has issued some guidance on the subject.
- Is your business protected from the risks that may come from malicious QR codes?
- Do you have a policy in place for your staff?
- What issues do you even need to consider?
When to be watchful…
QR codes are increasingly being used in phishing emails, an attack sometimes called ‘quishing’. People have become more suspicious of links in emails, so a QR code can more easily disguise a link to a malicious website. Security tools that detect phishing emails may also not scan images, and so let a QR code through.
Criminals are also aware that a person is likely to use their personal phone to scan a QR code. Personal devices don’t usually have the same security protections as an employer-provided computer.
The NCSC makes the following points:
- The number of QR code-related scams is relatively small compared to other types of cyber fraud, but we shouldn’t become complacent.
- The majority of QR code-related fraud happens in stations, car parks or other open spaces.
- QR codes used in pubs and restaurants are likely to be safe.
- Scanning QR codes in stations, car parks and other open spaces is likely to be higher risk. Whenever you are being asked to provide what feels like too much information you should be suspicious.
- Exercise caution about scanning a QR code in an email. These types of ‘quishing’ attacks are on the increase.
- Use the QR scanner that comes with your phone rather than using an app downloaded from an app store.
You can see more detail from the NCSC guidance here: https://www.ncsc.gov.uk/blog-post/qr-codes-whats-real-risk