The “Big Game” ad

This “Big Game” ad … reports are that it generated millions of hits on the advertiser’s website. It may have generated millions of dollars. It definitely brought down the advertiser’s website for a bit.

As a small business owner, I was impressed. As a marketer (or wannabe), I was envious of how fantastically viral it was. As a cyber security evangelist and IT professional, I was horrified.

Over the weekend, I gave a brief talk about the prevalence of QR codes and the normalization of “just click it”. As a threat vector, the QR code offers almost unlimited opportunity. We’ve been conditioned to scan a QR code to avoid Covid exposure from touching a paper or plastic-laminated menu. There are bus ads and subway billboards that offer a QR code to get more information about a product. We’re asked to scan a QR code to give feedback and maybe win a free product.

A QR code makes it so easy to pass information. And that is what makes it so dangerous.

Unlike a long link in an email, which we can hover over to see where it may redirect us, a QR code tells us nothing until it is scanned. Link shorteners are convenient from a marketing and sales perspective, but a shortened link can still be viewed in a protected environment, if you take the time.

The delivery mechanism of malicious code is one of the tricky bits. When we normalize the delivery method to the point that everyone just scans a QR code, delivery of that malicious code becomes so much easier.

When you see a QR code without any other information attached, please, don’t just scan it.

I’ll have some follow-ups on QR codes in the coming days.

Stay safe out there.