The Trouble With QR Codes


A QR code is a type of barcode that can store data for various purposes and is designed to be 'scanned' by a reader device. You can encounter QR codes in stores, restaurants, or other locations, where they make the sharing (and subsequent tracking) of websites and information easier. As an example, the QR code shown here links to this webpage. QR codes by themselves don't pose a risk, but the URL/Internet hyperlink or data/file they contain or link to is not always safe to 'click' on.

QR codes mask what they are pointing you to, and there is no way for the human eye to distinguish one from another, so it is important to exercise caution when interacting with them.

  • Check your surroundings. Where is this QR code?  If it is on a poster, flyer, or on a table, is it where you'd expect it? Does the paper it is on contain any branding or logo from a recognized source?  For example, if you are at a restaurant and see a QR code, does it have the name of the restaurant on it as well?  Don't trust a 'random' QR code.
  • Scan with your own phone, using its camera. You don't need to download anything to read a QR code with a smartphone's camera. If a QR code tells you to use a specific app to scan it, that is suspicious. If the code can't be scanned using your native camera on your smartphone, it's not worth scanning.
  • Scan before you click. Smartphones will show you part or all of the information contained in the QR code inside of your camera app. You can safely test this using the QR code on this page if you'd like to see what this looks like - just pull up your smartphone's camera and focus it on the code. You should see it points to a link starting with https://colby.teamdynamix.com. 'Clicking' on the URL should open this web page. This test passes because:
    • The link is what you are expecting because it relates to the context in which you found and scanned the QR code
    • The link points to a site / domain that you recognize and is relevant (https://colby.teamdynamix.com)
    • The link is not using a 'URL shortener' such as Bit.ly or TinyURL - shorteners also obscure the site they are pointing to and can't be trusted.
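
The link checks above can also be automated. This is an added example, not part of the original article: a Python sketch that parses the text decoded from a QR code and compares the real host, which is stricter than looking at how the link starts. The function name, the https requirement, the two-entry shortener list and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed list: only the two shorteners the article names; a real list is longer.
SHORTENERS = {"bit.ly", "tinyurl.com"}
# The one host the article says its own QR code should point to.
EXPECTED = {"colby.teamdynamix.com"}


def check_qr_url(payload, expected_hosts):
    """Return the reasons to distrust a decoded QR payload (empty list = passes)."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ["not a parseable URL"]
    reasons = []
    if parts.scheme.lower() != "https":  # assumption: treat anything but https as a failure
        reasons.append("scheme is not https")
    if not host:
        return reasons + ["no host"]
    # Text before an '@' is login data, not the site; the host is what follows it.
    if parts.username is not None or parts.password is not None:
        reasons.append("URL embeds credentials before the host")
    if host in SHORTENERS:
        reasons.append("URL shortener hides the destination")
    elif host not in expected_hosts:
        # Exact host comparison: a longer name that merely begins with the
        # expected one is a different site.
        reasons.append(f"unexpected host: {host}")
    return reasons


if __name__ == "__main__":
    # Constructed sample payloads, as a phone camera would display them.
    samples = [
        "https://colby.teamdynamix.com/",
        "https://bit.ly/abc123",
        "https://colby.teamdynamix.com.example.net/login",
        "https://colby.teamdynamix.com@files.example.net/x",
    ]
    for url in samples:
        problems = check_qr_url(url, EXPECTED)
        print(url, "->", "passes" if not problems else "; ".join(problems))
```

The last two samples both begin with the expected text yet resolve to a different host, which is why the check compares the parsed host and not the leading characters of the link.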