QR codes continue to be a favorite method of cybercrime. According to new data from Cisco Talos, more than half of all QR codes in emails are linked to spam or scams [6].
Today, most people scan at least one QR code daily, often via their mobile phone. QR codes are used as part of multi-factor authentication, for promotional offers, or as part of digital ID solutions. Last summer's introduction of digital ID cards has linked the identity of millions of Swedes to a personal QR code. During the Christmas shopping season, usage increases significantly, especially as many delivery companies use QR codes [2].
Increase in fake QR codes
Last year saw a sharp increase in fake QR codes in cyber fraud, a trend that continues to grow [5]. According to Cisco Talos, 1 in 500 emails contain a QR code, and 60% of these are linked to spam or fraud attempts [3].
Henrik Bergqvist, Security expert at Cisco Sweden, says:
“We have been trained to be suspicious of attachments and links in emails, but we do not have the same skepticism towards QR codes. Their simplicity and everyday use lowers the threshold for unthinking action.”

Why fake QR codes are effective
One reason for their popularity among cybercriminals is that QR codes can bypass security measures designed to stop suspicious links and attachments. Many email protection programs have limited ability to analyze QR codes [4]. In addition, so-called “QR art” is used, where codes are integrated into images, making it even more difficult to detect fraud [2].
How to protect yourself
Security companies are working on improving protection, but as a user, you can use free online QR decoders to check the content before you scans a code [6].
"We must be as skeptical of QR codes as we are of links or attached files," ends Henrik Bergqvist.







