You were just QR-ickrolled by your security team.

It's okay! You're human. Let's learn from this.

Rather than stealing your login credentials like a cyber criminal, we have redirected you to this educational page instead.

Cyber criminals can leverage QR codes to infect devices with malware, steal personal information, or conduct phishing scams using the following attack vectors:

• Quishing:

  Threat actors can use a QR code inside a phishing email, or to direct the user to a phishing website which prompts the user to disclose personal information.

• Cloning:

  Threat actors clone an authentic QR code that redirects you to a malicious site or infects your device with malware to extract your personal data when you scan it.

• Leveraging:

  Threat actors use QR codes for phishing and malware attacks. Malicious QR codes can direct users to legitimate-looking websites designed to steal credentials, credit-card data, or corporate logins or to sites that automatically download malicious software onto mobile devices.

• Advertising:

  Threat actors place malicious QR codes in public areas with the hopes that people passing by will scan them.

• Scanner apps:

  Threat actors can use third party scanner apps to spread malware and gain access to some privacy settings on your mobile device, such as viewing your network connections or modifying the contents of your USB storage. You should use the camera built into your device or a secure code reader application to scan QR codes.

To learn more about how cyber criminals can use QR codes to disguise their attempts to steal your sensitive information, check out Security considerations for QR codes ITSAP.00.141 and this video: