What are QR codes?
Originally developed in the mid-1990s for manufacturing and inventory control, QR codes most often appear as a small graphic that looks like randomly placed small black squares arranged in a borderless square (similar to the white square in the graphic at right). But QR codes can be customized with different colors and different backgrounds. When a QR code graphic is framed in the camera of a smartphone, the code can be read by the device and immediately trigger a response, such as opening a document or a web address.
Why are QR codes potentially hazardous?
While QR codes make transactions fast and easy, cyber criminals and hackers can also misuse them for malicious activity or profit. According to cybersecurity experts and the Major Cybercrime Unit of the Army's Criminal Investigation Command, QR code fraud and theft are evolving and on the rise. For example, QRs that have malicious code embedded in them can be placed in publicly accessible spaces, where curious passers-by scan them, only to be directed to websites that download damaging code on their devices. The COVID-19 pandemic has also unwittingly aided the bad guys, because the codes’ ability to provide a more hands-free transaction method has led to their greater use, to help prevent spread of the virus.
What are some things malicious QR codes can do?
Some of the nefarious things malicious codes can do include:
What can I do to protect myself against malicious QR codes?
In general, CID experts recommend the same kinds of vigilance and caution you would use to protect yourself from other online hazards:
And they add some cautions specific to QR codes:
Source: U.S. Army Criminal Investigation Command
For more information and notices about computer security, cyber crime and computer related scams, visit the CID MCU website at https://www.cid.army.mil/mcu-advisories.html
Last Updated: March 19, 2021
Army Cyber on U.S. Army website
1st IO Command
780th MI Brigade (Cyber)
Department of Defense
U.S. Cyber Command
Air Forces Cyber
U.S. Fleet Cyber
Marine Corps Forces Cyber
Coast Guard Cyber
U.S. Army Reserve
Army National Guard
U.S. Army Cyber Center of Excellence
Developing tomorrow’s cyberspace strategies today.
Army Cyber School
Army Cyber Institute
National Defense University College of Information and Cyberspace
Air Force Institute of Technology
Defense Cyber Investigations Training Academy
Hacking for Defense
Defense Advanced Research Projects Agency
Defense Digital Service