Since the onset of the COVID-19 pandemic, QR codes have made an incredible comeback. Commonly appearing on restaurant menus, posters and advertisements in high traffic areas, they’re now a part of our daily lives as they provide an easy and convenient way to deliver content directly to your mobile device.
While convenient, scanning a QR code from an unknown source increases the risk of compromising your device or sharing your personal information with hackers.
QR codes are an effective phishing method
Because of their versatility and prominence, hackers are increasingly using QR codes as a phishing tool. QR codes embedded in emails, websites or on printed materials obscure the source of the link you’re scanning, redirecting you to fake websites that aim to steal your personal information or tricking you into downloading malware.
QR codes can track your metadata
By scanning a QR code, you could be directed to a phishing website that hackers can use to track your online activity through cookies. Metadata commonly tracked through fake QR codes include:
Protect yourself from QR code risks
Scan QR codes via private browsing
If you do need to scan a QR code, always scan it while your mobile device’s browser is set to incognito mode so your metadata can’t be tracked. Learn how to switch to incognito mode on your mobile device’s browser (external link) .
Prevent automatic scanning of QR codes on your device
It’s also recommended that you turn on settings available through your mobile device’s operating system to prevent your device from automatically performing actions when you scan a QR code.
View instructions for disabling automatic QR code scanning on an iOS device (external link) .
- Unlock your device and navigate to Settings.
- Click System Settings.
- Click on Users & Devices.
- Click Device Registration.
- Unselect Display QR Code and Registration URL.
- Once unselected, click Save.