Universiteit Leiden

nl en


Be alert when you scan QR codes

8 February 2022

QR codes are a familiar sight in our daily lives. Students and staff have to scan one to check in at the University and many banks use them to confirm payments. It’s no surprise therefore that cybercriminals have found a way to use QR codes to obtain data or gain access to a device. 

What exactly is a QR code

A QR code is just a link that is represented as an image made up of black and white squares. You can compare it with a barcode. The only difference is that a QR code can contain much more information. A QR code makes it easy to open a link or command. All you need to do is scan it with the camera on your smartphone. However, there are several risks.

Risks when using QR codes

As a QR code provides such easy access to a link, there is a real risk of QR fraud. Cybercriminals can place fake QR codes stickers over existing ones that will then take you to another webpage than expected. Examples of QR fraud include:

  •  Linking the bank account in your app to another phone.
  • Giving another device access to your WhatsApp.
  • Giving an external device permission to remove data from your phone.

Another risk is that cybercriminals will send a fraudulent letter from an official entity such as the government or your bank asking you to scan a QR code.

How can you prevent QR code fraud?

To prevent QR code fraud, be aware that QR codes are not necessarily safe. Keep these three tips in mind:

  • Check the web address when you scan a QR code, so before you click on it. This is just like checking links in a phishing mail.
  • Don’t be fooled by documents that look official. 
  • If you see a shortened link like bit.ly when you scan a QR code, be extra wary. 
This website uses cookies.  More information.