Tips on how to use QR codes safely

QR codes are growing in popularity. The use of QR codes in Aotearoa New Zealand has increased significantly in recent years, especially since the start of the COVID-19 pandemic. Here are some tips on how to use QR codes safely.

What are QR codes?

A QR code is a square barcode used to store information that is accessible to digital devices such as a smartphone. A smartphone camera can scan and read the QR code to provide quick access to a website, to prompt the download of an app, and to direct payment to an intended recipient. The letters QR stand for quick response.

QR codes in Aotearoa New Zealand

The use of QR codes in New Zealand has increased significantly in recent years, especially since the start of the pandemic. For example, the NZ COVID Tracer app allows users to scan QR codes to create a private digital diary of the places they visit to speed up contact tracing should the need arise.

To ensure safe use, businesses must only use their official NZ COVID-19 QR code poster issued by the Ministry of Health. This is so that visitors know that scanning the QR code links to the NZ COVID Tracer app, and is for contact tracing purposes. Learn more about QR code posters for contact tracing.  

Tips when using QR codes

QR codes are not inherently harmful but they can be loaded with information or instructions that aim to deceive or harm the person who is scanning them. Here are a few tips on how to use QR codes safely.

Do ()

  • If the QR codes sends you to a website or another app, double check that it's sending you to the right place before you allow your device to go to that site or app. There will usually be a prompt asking you to confirm or accept the QR code's information.
  • Once you scan a QR code, check the website URL to make sure it is the intended site and looks authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter. If you know the website where it's trying to send you, it's safer to go to that website yourself by keying in the website address in your internet browser.
  • If the QR code directs you to submit sensitive personal information, contact the organisation it claims to be and check their publicly listed contact information to confirm that the organisation is genuine first.

Don’t (✘)

  • Don't use a scanning app unless you know who it's from (for example, the New Zealand Government's 'NZ COVID tracer' app) and make sure to get it from official sources like the Apple App Store or the Google Play Store.
  • Do not download an app from a QR code. Use your phone's app store for a safer download. 
  • Avoid making payments through a site navigated to from a QR code. Instead, manually enter a known and trusted website to complete the payment.

References

  1. Personal communication, Netsafe, NZ
  2. Advisory notice about misuse of QR codes FBI, USA
Credits: Health Navigator Editorial Team.