Don’t get sQRewed by phishing attempts

Last Updated: 02/11/2013

Overview

Attempts to steal your personal information like passwords, Social Security Numbers or bank information come in all shapes and sizes.

Quick Response codes, or QR codes, have great potential to drive customers to legitimate websites and also enable convenient downloading of software. The Phishing with QR codescause for concern with these codes is that much of the content is obfuscated and often it is unclear where software is coming from and what features are automatically enabled. The key to protecting yourself is to not scan a code simply because you can. The long term effects of scanning a malicious code can be both costly and frustrating.

But there are ways to sniff out hoaxes and tell them apart from legitimate marketing:

  • Be suspicious of attachments and unexpected email messages.
    • Use antivirus software to scan anything that you receive in your email.
    • Legitimate marketing emails rarely send attachments.
    • Make sure the link actually goes to their site & not a spoofed one!
  • Scan only those QR codes that come from reputable sources, this will minimize risk but not eliminate it.
  • Be careful about clicking on embedded web links in email.
  • Don't enter sensitive information on a site you don't completely trust.
  • Make sure online transactions are actually secure (look for the lock on the bottom right of your browser window).
  • Ensure that you have controls on your devices that prompt you when an application attempts to install

Find many more ways to avoid getting hooked at

www.colorado.edu/oit/it-security/security-awareness/phishing