You've successfully subscribed to INFIMA Security
Great! Next, complete checkout for full access to INFIMA Security
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

That menu QR code is safe. Right?

QR codes have surged back to life, thanks to COVID concerns and social distancing. But are they safe?

You've become accustomed to "interactive" menus that have now replaced traditional paper menus. Just scan this handy QR code and tap that link. And like magic, technology meets dining.

This can be super convenient - updated specials, rotating tap lists, maybe higher prices sneak in there, too?

But is there a risk to this convenience and safety measure?

What happens when you scan a QR code?

If we think about what actually happens when you scan that QR code, this might set off a few tingly hacker sensations.

So you arrive at the bar for happy hour, and instead of handing you a paper menu, they point to the QR code sticker on the table.

Great! Pull out your handy smartphone, and you know what to do. In moments a link pops up to take you to all the ice cold refreshments your after work heart could desire. You click the link, and you're on your way to a good time.

Any url could be lurking behind that "" shortened link.

But hold up...

That's a link you're clicking. And if we remember from all of our security awareness training courses, we aren't supposed to click on unknown links!

Now, it seems kind of silly, but what keeps a hacker from simply printing new QR code stickers and slapping them all over the bar?

I mean, these are the same folks who put up fake Microsoft login pages, so how hard is it for them to throw up a fake bar menu that also includes some malware on the page?

So instead of landing on a benign webpage, you've actually been redirected to an unsafe page of the hacker's design.

You're sipping away, while that hacker is snooping away on your device.

We're not calling this the most dangerous attack vector out there, but it's critical that we keep our cyber learnings in mind, even outside the office!

And all this QR code craziness has you thinking your clients need training, we're glad you're here!

As you might have suspected, INFIMA provides its Partners with Security Awareness Training to train teams to avoid attacks in and out of the office!

And hey, if you're an MSP and want to learn more, go check out how we work with Partners here. If you like what you see, book a time to chat!

Joel Cahill

Cybersecurity enthusiast. Entrepreneur.