Skip to Content
Department of Information Technology
scattered blue locks with one red lock standing out.

You've Been Hooked!

The link you just clicked on was part of Seton Hall's recent phishing test.

Scanning a QR code can be dangerous. Here's why.

woman scanning a QR code on a mobile phone.Threat actors may use QR codes to gain access to your sensitive information, such as your name, address, or credit card information. This type of phishing scam is referred to as 'quishing' or QR-phishing.

Common Quishing Scams:

There are a few different ways in which scammers use QR codes to steal personal information or commit other crimes:

  1.  You Could Be Directed to a Phishing Website
    The website may look legitimate, but you will be prompted to enter personal information, such as your name, phone number, and credit card number. Scammers then use this to steal your financial information and/or identity.

  2. Your Device Could Get Infected With Malware
    QR codes can be linked to malicious websites that use drive-by downloads or malvertising to infect your computer or device with malware, ransomware, and password-stealer or keylogger trojans. Some infections have the ability to track you, steal your private data, encrypt your device, and even spy on you. 

  3. The QR Code Could Send Emails from Your Accounts
    The codes can be programmed to access payment sites, monitor social media accounts, and send pre-written emails. For instance, a fake QR code can create and send emails from your account if you scan it.

Baiting

Baiting is a type of social engineering attack where threat actors use bait to deceive their targets. In a QR code baiting attack, attackers can leave random malicious QR codes in public spaces to entice people into scanning them.

Protect Yourself from Quishing

  • If a QR code leads to a URL, review the URL before proceeding to the site.

  • If you use a QR app, check the settings to make sure the app is set to show you the URL first instead of automatically opening the URL on your device.

  • Do not scan a code unless you are absolutely sure it is safe.

  • When in doubt, click the "Report Phish" button in the Outlook's main icon ribbon to send the email to IT Security for investigation.

Need Help?

For questions or assistance, contact the Technology Service Desk at: