Following the pandemic, many restaurants turned to QR codes to link customers to their digital menu. While the thought behind QR codes is good—limiting the spread of germs by coming into contact with menus—QR codes are another way for a cybercriminal to access your information.

Scam of the month

We’re sure you’ve seen the commercial we will discuss in this article. 100.2 million viewers tuned in on Sunday, February 13 for the 2022 Super Bowl LVI. In case you haven’t seen it, chances are you’ve at least heard of it. That’s usually the sign of a great piece of marketing. And for the price tag they paid ($14 million) for the ad, they should be ecstatic with their success.

The commercial itself was a QR code that the cryptocurrency company Coinbase had bouncing on your screen for about a minute. As a concept, it was interesting. With no copy but a prompt for someone to take out their phone and scan, millions did exactly that and got rewarded with the opportunity to add some cryptocurrecy to their portfolio. A QR code is a square barcode scanned by a smartphone camera to provide quick access to a website, application download, and direct payment. Just last month, the FBI put out a warning that cybercriminals are running QR scams. By scanning a QR code from an unverified source, cybercriminals can redirect your phone to a malicious site to steal your personal information.

The commercial itself drew mixed reactions and a conversation many weren’t expecting. Coinbase’s commercial consisted of a QR code on the screen, and so many people scanned the code that their website crashed. It would not be surprising for viewers—conditioned for years now to scan a QR code to access information—did so with the commercial without much thought about the benefit. The incentive to scan the code was small—a $15 giveaway—yet many scanned the code regardless of the potential threat.

While you still may need to follow another prompt or two to before your device can be exploited, you’re still opening yourself up to a threat. You should always validate where the QR code is coming from and never scan a random QR code.

There are some additional tips to protect yourself, your employees, and your business:

  • After scanning the QR code, check the URL to make sure it is the correct site and looks authentic.
  • Practice caution when entering any personal information including, but not limited to, login in credentials or financial information.
  • If scanning a physical code, make sure it hasn’t been tampered with or replaced by a sticker.
  • Never download an app from a QR code. Always navigate to your phone’s app store.
  • Call the company if you receive an email prompting you to complete payment through a QR code, especially if it’s the only option.
  • Use your phone’s camera, not a QR code scanner app, to scan QR codes.

Mixed Use Devices

We find it particularly alarming to think about the number of Superbowl viewers who scanned Coinbase’s QR code with a personally owned smartphone connected to work email accounts. There may be fewer security protocols or procedures in place for these mixed-use devices. Employees should treat such a device as sensitive and potentially exposing company content if compromised.

If it is determined that conversations and data exchanged via email are particularly sensitive, you may need to consider providing business-only devices to employees.

Tech Tips

We’re keeping it simple this month. Keyboard shortcuts can make work run more smoothly. Below, we’ve included keyboard shortcuts for both Windows and Mac computers:

Basic Windows Keyboard Shortcuts

  • Windows key opens the Start menu.
  • Windows key-E opens File Explorer to see your saved/downloaded files.
  • Windows key-I opens Settings.
  • Windows key-M minimizes all windows.
  • Windows key-S opens a search box to search your entire computer.
  • Ctrl-Z undoes the last thing you did. Ctrl plus Y redoes the last thing you did.
  • Ctrl-D bookmarks the current site you have open in your browser.
  • Ctrl-F opens a search box on any site you have open if you need to find a certain word or section.
  • Ctrl plus + and Ctrl plus – makes the text on your screen larger or smaller.
  • F5 refreshes the page that’s currently open in your browser.
  • PrtScn takes a screenshot of your current screen. You can then paste it into Word, a Google Doc, Paint, etc., for printing/editing.

Basic Mac Keyboard Shortcuts

  • Command-Q to quit
  • Function-Delete to forward delete
  • Command-Tab to switch apps
  • Command-Option to Force Quit
  • Command-M to minimize
  • Hold down Shift-Option when adjusting volume or brightness for finer control
  • Option-click to toggle Do Not Disturb by holding the Option key and clicking the Notification Center icon.
  • Option-click menu bar icons with other menu bar items to access different or expanded menus.
  • Option-click the Apple button when the menu is visible, dots disappear from Restart, Shut Down, and Log Out so you can perform any of the three commands without the confirmation step.
  • Command-spacebar for Spotlight

How Anteris can help

We stand by the idea that education is the best form of prevention for cybersecurity. You need to be aware of potential threats to defeat them. It can be overwhelming to try to stay in front of all possible threats; that’s why having a strategic IT partner is so important. Schedule a meeting to find out how Anteris can make technology freeing, not frustrating.

P.S. password hygiene

In addition to information about a security scam, we will use this place to give a password hygiene tip of the month. Just like a dentist reminding you to floss, periodically evaluating the health of your passwords can make your accounts more secure. This month, we want you to be aware of where you are entering your password. Beware of entering passwords on websites that don’t show the lock indicating that traffic is encrypted, through a link you received via email, or on untrusted wireless networks.

Tagged in: News Security