Quick Response (QR) codes have been used for phishing scams ever since they started gaining popularity. They blend in with every other QR code and pose a security risk to your mobile devices. They can be on posters, in restaurants, shops, and even parking garages. QR codes have become an easy way for a hacker to steal your credentials to personal accounts or download malware onto your phone.
QR codes have historically been a simple and easy way to quickly access a website, without having to type in a URL or pasting one into a browser. This creates an opportunity for hackers to easily trick users into thinking they are scanning a trustworthy QR code. It can be as simple as scanning a QR code that claims to show a restaurant’s menu, but it actually takes them to a fake website resembling the restaurant’s web page that downloads malware in the background.
Michigan Tech may seem safe from these parts of the internet, but Michigan Tech has had problems with fake employers emailing students fake job opportunities through the @mtu.edu mailing domain. There is little difference between that and phishing QR codes. They seem trustworthy at face value, but end up being a part of the internet you never intended to be in. Alex Davis, a student at Michigan Tech studying Cybersecurity said, “A poster could be made to look like something harmless with a QR code that actually goes to a malicious site rather than what the poster describes.” Davis goes further by saying, “People being more trusting of a QR code may scan it thinking nothing of it,” he said, explaining that even though it seems like it can be a trustworthy QR code, it may end up not being the place you wanted to go.
Be careful when scanning your next QR code. Look at the link you are going to and ensure that it has a trustworthy URL. It should be something familiar, like mtu.edu, and not something like mtuedu.com. It might just save you some money and a headache. For more information, go to cloudflare.com/learning/security/what-is-quishing/ to get a better understanding of how to avoid cyberattacks and to help prepare yourself for future Internet surfing.
