QR stands for Quick Response and the code part is actually a type of bar code. The first QR code system was invented in 1994 by the Japanese company Denso Wave, a Toyota subsidiary. They needed a more accurate way to track vehicles and parts during the manufacturing process.
Standard barcodes can only be read in one direction – top to bottom. That means they can only store a small amount of information, usually in an alphanumeric format. A QR code, on the other hand is read in two directions – top to bottom and right to left. This allows it to store both significantly more data, and more data formats. In fact, data stored in a QR code can include website URLs, phone numbers, or up to 4,000 characters of text. QR codes are fun, easy, and alluring because they can be placed on anything from business cards to a bag of chips.
Initial uptake was slow, but as the first smart phones with built-in QR readers came onto the market in 2002, the convenience led to an increase in companies and customers using codes. Similarly, the original design and capabilities of the QR codes also expanded. Today QR codes include everything from contact tracing for Covid-19 to determing objects’ position within augmented reality. Links in a QR code can take you to a website, start a file download, or open an app on your phone to take an action, like adding an event to your calendar. QR codes can also be used to authenticate online accounts and verify login details, access Wi-Fi by storing encryption details such as SSID, password, and encryption type, or send and receive payment information.
Unfortunately, cybercriminals like using QR codes too. The original developers made the code publicly available. This meant anyone could make and use QR codes. There are many free websites that allow you to create your own QR code that links to anything you choose. Of course, this means that the bad guys can create a QR code that links to a malicious website or downloads malware onto your device. Once they have created their malicious QR code, it can be emailed, posted to social media, printed out on flyers or cards, even made into stickers and placed on top of legitimate QR codes.
So, how can you stay safe when scanning QR codes?
Rule number 1: never scan a QR code from an unknown source, such as random flyers, emails or social posts, especially if they include enticing offers, like a new iPhone.
Rule Number 2: use a scanner app that gives you a preview of the destination, which allows you to review the URL and decide if it is safe.
Rule Number 3: if the code or the URL looks cryptic or the site requires a login or it is unrelated to what you scanned, close out of your browser immediately.