by BLACK ENTERPRISE Editors
June 19, 2025
Encrypted QR Codes are right here. Ought to workplaces be utilizing them?
Firms go to nice lengths to guard delicate private and monetary data. However as cybercriminals develop into more and more subtle, scams are on the rise, placing key data prone to being compromised.
Scammers continuously make use of phishing methods to acquire delicate information or private data. Cybersecurity firm Egress stories that QR Code scams in emails accounted for 12.4% of all phishing emails in 2023, up from 1.4% the earlier yr.
The healthcare, hospitality, training, and insurance coverage industries are most certainly to be focused by phishing schemes, in accordance with a 2024 report from cybersecurity agency KnowBe4.
Whereas corporations have lengthy been conscious of electronic mail phishing scams, QR Code “quishing” (QR Code + phishing) scams have introduced a brand new approach to manipulate and deceive. Phishing targets companies in a number of methods: As an alternative of directing customers to reliable web sites, QR Codes direct customers to pretend web sites which will immediate them to supply banking entry or enter private data, resembling passwords. Pretend QR Codes can even immediate customers to obtain malware onto their gadgets, which might wreak havoc.
Phishing is among the commonest crimes, in accordance with the Federal Bureau of Investigation’s Web Crime Criticism Heart. Phishing crimes had been reported almost 299,000 instances in 2023—a 161% improve since 2019, in accordance with a 2023 report from the Bureau. A few of these scams embrace the ever present black-and-white squares that individuals have hijacked in phishing scams, prompting the Federal Commerce Fee to subject a warning concerning the dangers of QR Codes in 2023.
Savvy staff may assume they’re not inclined to scams, however these geometric codes, troublesome to tell apart from each other, could seem extra benign than a sketchy URL.
“They need you to scan the QR Code and open the URL with out eager about it,” Alvaro Puig, a client training specialist for the FTC, mentioned in an announcement.
Quishing scams typically leverage model names or acquainted electronic mail addresses to dupe busy staff. A typical rip-off is phishing emails that impersonate Docusign. Unhealthy actors ask individuals to entry funds from a “funds settlement settlement” by scanning a QR Code, which directs them to a pretend Docusign web site the place they will present their sign-in credentials.
Different widespread quishing makes an attempt embrace Zoom assembly invites and HR reminders for coverage evaluations, in accordance with KnowBe4. The corporate’s analysis discovered that globally, almost 49% of clicks on phishing hyperlinks within the third quarter of 2024 presupposed to be emails about HR or IT issues.
Customers could also be conversant in public-facing scams, resembling fraudsters tricking individuals into sharing cost data on fraudulent web sites utilizing pretend QR Codes stickered onto parking meters. Fraud investigations into pretend QR Codes have been underway throughout the nation, with cities like Austin, Houston, and San Antonio in Texas, in addition to Newtown, Massachusetts, for example.
In the meantime, nonetheless, companies could face a special type of menace from inside if staff are unaware of the dangers related to QR Codes or if hackers infiltrate methods to entry data protected by QR Codes that lack further safety.
As workplaces grapple with new safety threats, companies could search further protecting measures. Uniqode examined trade stories and information protection to find out how new applied sciences, resembling encrypted QR Codes and ink authentication, might help shield workplaces from scams.
How encrypted QR Codes work
Firms can shield themselves by utilizing encrypted QR Codes to additional safe their hyperlinks. There are various ranges of encryption, however they typically make the most of a secret decryption key that enables the scanner, usually a cellphone, to learn the QR Code earlier than transferring ahead.
For instance, in 2012, Google experimented with encrypted QR Codes that allowed individuals to log into their electronic mail from a public pc. Customers might scan the QR Code on their smartphone with the accredited credentials; as soon as this decryption handed, the e-mail on the general public pc would robotically log in.
QR Codes will also be password protected, requiring a code to open the hyperlink and proceed. Dynamic QR Codes allow customers so as to add passwords that may be up to date later, whereas static QR Codes, as soon as created, stay unchanged. Encrypted QR Codes might be useful in settings the place shared data requires confidentiality or added safety, resembling healthcare data, occasion tickets, and authorized documentation.
Encryption helps shield the information saved inside a QR code, permitting solely approved customers to entry it. Companies can use encrypted data to guard confidential client data throughout a breach and as an additional safeguard in opposition to extortion. An additional layer of safety to guard information from malicious actors can even present corporations with larger peace of thoughts.
QR Code know-how & safety go hand-in-hand
Massachusetts Institute of Expertise researchers pioneered Invisible ink authentication, a sophisticated safety measure designed to cover QR Codes in plain sight, resembling on paperwork, to forestall counterfeiting.
Invisible QR Codes have fluorescence, in order that they can’t be seen by the bare eye or detected by a digital camera lens. Solely customers conscious of the fluorescence can make the most of a specialised filter to detect and scan the code, accessing key data securely.
One other development is algorithm-driven anti-copy know-how, which provides a layer of safety to QR Codes by stopping counterfeiters from passing off knock-offs as the true factor. In contrast to common QR Codes, which might be copied or modified to direct customers to a pretend web site, anti-copy safety QR codes function a delicate watermark and make the most of an authentication algorithm that makes them extraordinarily troublesome to counterfeit. They’re significantly helpful when utilized in pairs for transport a product, the place the highest QR Code can be utilized a number of instances alongside the transport route, however the backside QR Code can solely be used as soon as—authenticating the product.
Previous-school, street-smart methods shouldn’t be underestimated of their capability to guard individuals from quishing scams.
“The excellent news is that the best way to [be] protected from this malicious exercise is to make use of the steps we’ve already discovered from phishing and different social engineering assaults, resembling solely scanning codes from trusted sources, verifying hyperlinks are reliable and looking for different crimson flags,” Garrett McManaway, chief data safety officer of Wayne State College, wrote in a weblog put up.
Duke College safety pointers suggest utilizing solely native QR Code scanners, verifying the URL to make sure the code directs the consumer to the supposed web site, and checking different web site particulars that point out authenticity, resembling an identical emblem and coloration scheme.
One other hallmark of a quishing rip-off is a false sense of urgency, the place makes an attempt are made to push victims into performing shortly with out considering, resembling contacting somebody instantly to ship a bundle or log in to an account on account of alleged suspicious exercise.
Folks can shield themselves by being cautious. Take a second to assume earlier than scanning. Keep away from quick URLs; if it appears fishy, there’s likelihood it’s quishing.
Story enhancing by Alizah Salario. Further enhancing by Elisa Huang. Copy enhancing by Kristen Wegrzyn. Picture choice by Lacy Kerrick.
This story was produced by Uniqode (Beaconstac) was produced anddistributed in partnership withStacker.
RELATED CONTENT: Elevating Your Excellence: The Unyielding Imaginative and prescient Of Pastor Jamal Bryant In The Combat For Financial And Civic Justice
