The Hawaiian Telcom Blog

  • Home
  • The QR Code Conundrum Poses Good, Bad Outcomes

The QR Code Conundrum Poses Good, Bad Outcomes

By Jordan Silva on Oct 25, 2022 12:49:20 PM

Tags: Technology

QR (quick response) codes have been around for years, and during the pandemic they became a common sight almost everywhere we go. Nearly every restaurant and bar moved to all-digital menus and added QR codes to their tables so guests could see the menu from their phone or smart devices.

As our new germ-­conscious lives continue, we now see them at every bus stop, in flyers and PowerPoint presentations, asking unknowing strangers to blindly trust that they can scan them and won’t be taken to a malicious place.

QR codes aren’t inherently bad. They are “modernized” bar codes that allow for more data to be captured in a fuzzy black-and-white square that can be printed or scanned from a screen. From a security standpoint, we have been telling people for many years not to click on links in their email unless they know where they go, but as QR codes began popping up everywhere, the world seemingly forgot that lesson and started scanning away.

In the early days of QR codes, you needed a special app to read them, but now that most smartphones camera apps have readers built in, it’s easier than ever. Combine that simplicity and our curious nature, and it could be a recipe for a bad day.

Be aware that the bad guys are actively taking advantage of the proliferation in QR codes, and there has been a large upswing in people replacing legitimate QR codes with bad ones. When scanned, you might be taken to a fake site that looks like the real one, and it might ask you to sign in to capture your information or give you an option to pay the hacker instead of the business. It also could simply link you directly to malware.

In other cases, attackers got so bold that they began placing QR codes in parking lots, purporting to be the payment option. Some printed and placed fake parking tickets on cars and assessed fake fines using websites that looked like legitimate city pages.

As always, if you are going to click (or scan) a link, be sure you know where it goes and that it is from a trusted source. Luckily, most devices now show you the URL rather than taking you straight to the page, so you at least get a hint of where you might be going. If ever in doubt, skip the scan and just type in the URL on your own.


Jordan Silva is senior manager of service delivery at Hawaiian Telcom. Reach him at

© Honolulu Star-Advertiser
Visit this article in the Star-Advertiser.

Share this article: