Skip to content

From the News - 12/19/24: Question QR Codes Before Scanning

QR codes are a wonderful tool for quickly sharing accessing information, be it a restaurant menu, a tournament schedule, or a PIN code for setting up an account.  When setting up Duo MFA here at Crowder, we usually scan a QR code to avoid having to put in a long unique code to link your account to your Duo app. 

That said, a study found that approximately 60% of emails containing QR codes are classified as spam or malicious.  In other recent headlines, police departments are warning citizens to be cautious of "QR brushing" where an unexpected package contains a malicious QR code.

Please take the following cautious steps as you interact with QR codes:

  1. Is the QR code expected and something you may need to scan?
  2. Has the QR code been potentially tampered with?  Someone could place could simply have placed a malicious QR code sticker over a legitimate one.
  3. When scanning the QR code with your phone's camera, check the link before clicking, similar to hovering your mouse over a hyperlink on your computer.  Does it direct to some place you would expect?  URL shorteners are often used which can obfuscate where the QR code is actually directing you.
  4. Lastly, once clicked on, do not provide any account usernames or passwords.  If the QR code is directing you to a site you have an account with, just visit that site directly through your browser or app rather than using a QR code to access it.

Thank you for being cautious.  

Back to main screen