TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

admin

Don’t Skip It! Why You Shouldn’t Skip Regular Vulnerability Assessments For Your Company

Cyber threats are a perpetual reality for business owners. Hackers are constantly innovating. They devise new ways to exploit vulnerabilities in computer systems and networks.

For businesses of all sizes, a proactive approach to cybersecurity is essential. One of the most crucial elements of this approach is regular vulnerability assessments. A vulnerability assessment is a systematic process that identifies and prioritizes weaknesses in your IT infrastructure.

Some businesses may be tempted to forego vulnerability assessments. They might think it’s too costly or inconvenient. Small business leaders may also feel it’s just for the “big companies.” But vulnerability assessments are for everyone.

Why vulnerability assessments matter

The internet has become a minefield for businesses. Cybercriminals are constantly on the lookout for vulnerabilities to exploit. Once they do, they typically aim for one or more of the following:

  • Gain unauthorized access to sensitive data
  • Deploy ransomware attacks
  • Disrupt critical operations

Here’s why vulnerability assessments are crucial in this ever-evolving threat landscape:

  • Unseen Weaknesses: Many vulnerabilities remain hidden within complex IT environments.
  • Evolving Threats: Experts discover new vulnerabilities all the time. Regular assessments ensure your systems are up to date.
  • Compliance Requirements: Many industries have regulations mandating regular vulnerability assessments.
  • Proactive Approach vs. Reactive Response: Identifying vulnerabilities proactively allows for timely remediation. This significantly reduces the risk of a costly security breach. A reactive approach is where you only address security issues after an attack.

The high cost of skipping vulnerability assessments

  • Data Breaches – Unidentified vulnerabilities leave your systems exposed.
  • Financial Losses – Data breaches can lead to hefty fines and legal repercussions as well as the cost of data recovery and remediation.
  • Reputational Damage – A security breach can severely damage your company’s reputation. It can erode customer trust and potentially impact future business prospects.
  • Loss of Competitive Advantage – Cyberattacks can cripple your ability to innovate and compete effectively. This can hinder your long-term growth aspirations.

The benefits of regular assessments

  • Improved Security Posture: Vulnerability assessments identify and address vulnerabilities.
  • Enhanced Compliance: Regular assessments help you stay compliant with relevant industry regulations.
  • Peace of Mind: Knowing your network is secure from vulnerabilities gives you peace of mind.
  • Reduced Risk of Costly Breaches: Proactive vulnerability management helps prevent costly data breaches.
  • Improved Decision-Making: Vulnerability assessments provide valuable insights into your security posture.

Vulnerability assessments are not a one-time fix. Your business should conduct them regularly to maintain a robust cybersecurity posture. By proactively identifying and addressing vulnerabilities, you can significantly reduce your risk of cyberattacks.

Think About Recovery Before The Attack Strikes

Let us set the scene. It’s an ordinary Wednesday. You’re in the zone, minding your own business, getting things done, and making those boss decisions that keep your company running smoothly. Suddenly, without warning, BAM… you get hit with a cyber attack.

Panic mode kicks in.

But here’s the thing: These attacks are far more common than you might think. And guess who the favorite targets are? Surprisingly, it’s not the big multinational corporations but small and medium-sized businesses (SMBs) like yours.

The consequences of a cyber attack? We’re talking about severe financial losses, significant data loss, and reputation damage that can take years to recover from. The whole nine yards.

However, it doesn’t have to be that way. If you have a recovery plan in place, you can turn what could be a total nightmare into merely “an annoying inconvenience.”

So, what should your recovery plan include? Well, let’s start with prevention. Prevention is absolutely key. Investing in solid cybersecurity measures such as firewalls, antivirus software, and regular security checkups can go a long way in keeping your business safe. And don’t underestimate the importance of educating your team about good cyber hygiene – this includes using strong passwords, recognizing phishing attempts, and not clicking on suspicious links.

Next, it’s crucial to have a game plan for when the inevitable happens. This means having clear protocols in place for how to respond to an attack. Know who to call, what immediate steps to take to minimize the damage, and how to communicate with your stakeholders. Quick and decisive action can significantly reduce the impact of an attack.

One of the most critical components of your recovery plan is data backups. Regularly backing up your data to a secure location can be a true lifesaver in the event of an attack. This ensures that even if your systems are compromised, you still have access to your important files. Make sure your backups are done frequently and stored in a location that is not connected to your primary network.

Moreover, practice makes perfect! Regularly test your recovery plan to ensure it’s effective and up to date. Conducting drills and simulations can help you identify any weaknesses in your plan and make necessary adjustments. After all, you don’t want to wait until disaster strikes to discover that your plan has more holes than a block of Swiss cheese.

It’s also important to consider the legal and regulatory aspects of cybersecurity. Different industries have different requirements when it comes to data protection and breach notification. Ensure that your recovery plan complies with all relevant laws and regulations. This not only helps protect your business but also builds trust with your customers and partners.

In the aftermath of an attack, communication is key. Be transparent with your customers, employees, and other stakeholders about what happened, what steps you are taking to address the situation, and how you plan to prevent future incidents. Honest and timely communication can help mitigate reputation damage and maintain trust.

Finally, consider partnering with cybersecurity experts who can provide additional support and guidance. They can help you develop a comprehensive recovery plan, conduct regular security assessments, and stay up to date with the latest threats and best practices. Cybersecurity is a complex and ever-evolving field, and having experts on your side can make a significant difference.

Cyber attacks may be scary, but with a solid recovery plan in place, you can rest easy knowing your business is armed and ready. Remember what they say: Fail to prepare, prepare to fail.

If you need assistance in creating your recovery plan, don’t hesitate to get in touch. We’re here to help you safeguard your business and ensure you’re prepared for whatever comes your way.

Beware of Deepfakes! Learn How to Spot the Different Types

Have you ever seen a video of your favorite celebrity saying something outrageous? Then later, you find out it was completely fabricated? Or perhaps you’ve received an urgent email seemingly from your boss. But something felt off.

Welcome to the world of deepfakes. This is a rapidly evolving technology that uses artificial intelligence (AI). It does this to create synthetic media, often in the form of videos or audio recordings. They can appear real but are actually manipulated.

Deepfakes have already made it into political campaigns. In 2024, a fake robocall mimicked the voice of a candidate. Scammers wanted to fool people into believing they said something they never said.

Bad actors can use deepfakes to spread misinformation and damage reputations. They are also used in phishing attacks. Knowing how to identify different types of deepfakes is crucial in today’s world.

So, what are the different types of deepfakes, and how can you spot them?

Face swapping deepfakes

This is the most common type. Here the face of one person is seamlessly superimposed onto another’s body in a video. These can be quite convincing, especially with high-quality footage and sophisticated AI algorithms. Here’s how to spot them:

  • Look for inconsistencies: Pay close attention to lighting, skin tones, and facial expressions. Do they appear natural and consistent throughout the video? Look for subtle glitches such as hair not moving realistically or slight misalignments around the face and neck.
  • Check the source: Where did you encounter the video? Was it on a reputable news site or a random social media page? Be cautious of unverified sources and unknown channels.
  • Listen closely: Does the voice sound natural? Does it match the person’s typical speech patterns? Incongruences in voice tone, pitch, or accent can be giveaways.

Deepfake audio

This type involves generating synthetic voice recordings. They mimic a specific person’s speech patterns and intonations. Scammers can use these to create fake audio messages and make it seem like someone said something they didn’t. Here’s how to spot them:

  • Focus on the audio quality: Deepfake audio can sound slightly robotic or unnatural. This is especially true when compared to genuine recordings of the same person. Pay attention to unusual pauses as well as inconsistent pronunciation or a strange emphasis.
  • Compare the content: Does the content of the audio message align with what the person would say? Or within the context in which it’s presented? Consider if the content seems out of character or contradicts known facts.
  • Seek verification: Is there any independent evidence to support the claims made? If not, approach it with healthy skepticism.

Text based deepfakes

This is an emerging type of deepfake. It uses AI to generate written content like social media posts, articles, or emails. They mimic the writing style of a specific person or publication. Scammers can use these to spread misinformation or impersonate someone online. Here’s how to spot them:

  • Read critically: Pay attention to the writing style, vocabulary, and tone. Does it match the way the person or publication typically writes? Look for unusual phrasing, grammatical errors, or inconsistencies in tone.
  • Check factual accuracy: Verify the information presented in the text against reliable sources. Don’t rely solely on the content itself for confirmation.
  • Be wary of emotional triggers: Be cautious of content that evokes strong emotions. Such as fear, anger, or outrage. Scammers may be using these to manipulate your judgment.

Staying vigilant and applying critical thinking are crucial in the age of deepfakes.

Familiarize yourself with the different types. Learn to recognize potential red flags. Verify information through reliable sources. These actions will help you become more informed and secure and protect you from these threats.

How To Make The Pain Of Passwords Go Away

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Passwords. They’re the keys to our digital kingdoms, but also the biggest pain in our necks.

They’ve been around since the dawn of the internet, and guess what? Even with replacements being introduced, they’re not going away anytime soon.

I’m sure you’ve felt the pain of managing a billion passwords for all your accounts. It’s exhausting and risky. Perhaps it’s time you considered using a password manager.

The real beauty of password managers is you only have to remember one password – the master password to log in to your manager. Then, it does everything else for you.

  • It creates long random passwords
  • It remembers them and stores them safely
  • And it will even fill them into the login page for you

That means no more wracking your brain trying to remember if your password is “P@ssw0rd123” or “Pa55w0rd123” (both are really bad and dangerously weak passwords, by the way). With a password manager, all the work is done for you.

We won’t sugar coat it – password managers aren’t invincible. Like all superheroes, they have their weaknesses. Cyber criminals can sometimes trick password managers into auto filling login details on fake websites.

But there are ways to outsmart criminals.

First, disable the automatic autofill feature. Yes, it’s convenient, but better safe than sorry, right? Only trigger autofill when you’re 100% sure the website is legit.

And when choosing a password manager, go for one with strong encryption and multi-factor authentication (MFA) where you generate a code on another device to prove it’s you.

These extra layers of security can make a big difference in making your accounts impenetrable.

Enterprise password managers offer useful features like setting password policies and analyzing your teams’ passwords for vulnerabilities. Plus, they often come with behavior analysis tools powered by machine learning tech. Highly recommended.

But here’s the thing – no matter how advanced your password manager is, it’s only as good as the person using it. So, do yourself a favor: Train your team to stay vigilant against scams, and always keep your password manager up to date.

We can recommend the right password manager for your business and help you and your team use it in the right way. Get in touch at (734) 457-5000, or info@mytechexperts.com.

 

You’d Be Lost Without It, So Don’t Forget Email Security

Let’s talk about something super important: Email security. Yep, we know it might not sound like the most thrilling topic, but it’s a big deal. Businesses like yours face more cyber threats than ever.

We’ve seen our fair share of cyber attacks, and let us tell you, many of them start with a simple email (official figures say it’s a massive 90%!). Yep, that innocent-looking message in your inbox could be the gateway for cyber criminals to wreak havoc on your business.

So, why is keeping your business email secure so important? Well, for starters, it’s your first line of defense against cyber attacks. Think of it like locking the front door of your house to keep out intruders.

If your email is secure, you’re making it a whole lot harder for cyber criminals to sneak in and steal your sensitive data.

But implementing proper email security measures safeguards your valuable data from getting lost or falling into the wrong hands.

It’s not just cyber criminals you’re at risk from; an employee could accidentally leave a laptop on a train or in a coffee shop.

That could mean all your important business communications and documents were suddenly open for someone else to read. It would be a nightmare, right?

You might be thinking, “But I’m just a small business. Why would I be a target?” Ah, but here’s the thing – cyber criminals don’t discriminate based on business size.

In fact, small and medium-sized businesses are often seen as easier targets. That’s because they may not have the same level of security measures in place as larger corporations.

So, don’t think you’re off the hook just because you’re not a Fortune 500 company.

Now that we’ve established why email security is crucial, let’s talk about how you can ramp up your defenses.

First off, use strong, unique passwords for your email accounts. None of that “p@ssW0rd123” nonsense, please.

Better still, use a password manager to create and store uncrackable passwords.

Consider implementing two-factor authentication for an extra layer of security (where you generate a login code on another device to prove it’s you).

And don’t forget to keep your software and security patches up to date – those updates often contain important fixes for vulnerabilities that cyber criminals love to exploit.

Lastly, educate your employees about the importance of email security. They could be your strongest defense or your weakest link when it comes to keeping your business safe from cyber threats.

Teach them how to spot phishing emails (emails pretending to be from someone you trust) and what to do if they suspect something isn’t right.

Remember, a little prevention now can save you a huge headache, time, trouble (and money) later. If we can help with that, get in touch.

Google & Yahoo’s New DMARC Policy – Why Businesses Need Email Authentication

Have you been hearing more about email authentication lately? There is a reason for that. It’s the prevalence of phishing as a major security threat. Phishing continues as the main cause of data breaches and security incidents. This has been the case for many years.

A major shift in the email landscape is happening. The reason is to combat phishing scams. Email authentication is becoming a requirement for email service providers. It’s crucial to your online presence and communication to pay attention to this shift.

Google and Yahoo are two of the world’s largest email providers. They have implemented a new DMARC policy that took effect in February 2024. This policy essentially makes email authentication essential. It’s targeted at businesses sending emails through Gmail and Yahoo Mail.

But what’s DMARC, and why is it suddenly so important?

The email spoofing problem

Imagine receiving an email seemingly from your bank. It requests urgent action. You click a link, enter your details, and boom – your information is compromised. The common name for this is email spoofing.

It’s where scammers disguise their email addresses. They try to appear as legitimate individuals or organizations. Scammers spoof a business’s email address. Then they email customers and vendors pretending to be that business.

These deceptive tactics can have devastating consequences on companies. These include:

  • Financial losses
  • Reputational damage
  • Data breaches
  • Loss of future business

Unfortunately, email spoofing is a growing problem. It makes email authentication a critical defense measure.

What is email authentication?

Email authentication is a way of verifying that your email is legitimate. This includes verifying the server sending the email. It also includes reporting back unauthorized uses of a company domain.

Email authentication uses three key protocols, and each has a specific job:

  • SPF (Sender Policy Framework): Records the IP addresses authorized to send email for a domain.
  • DKIM (DomainKeys Identified Mail): Allows domain owners to digitally “sign” emails, verifying legitimacy.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): Gives instructions to a receiving email server including, what to do with the results of an SPF and DKIM check. It also alerts domain owners that their domain is being spoofed.

SPF and DKIM are protective steps. DMARC provides information critical to security enforcement. It helps keep scammers from using your domain name in spoofing attempts.

Why Google & Yahoo’s new DMARC policy matters

Both Google and Yahoo have offered some level of spam filtering but didn’t strictly enforce DMARC policies.

Starting in February 2024, the new rule took place. Businesses sending over 5,000 emails daily must have DMARC implemented.

Both companies also have policies for those sending fewer emails. These relate to SPF and DKIM authentication.

Look for email authentication requirements to continue and be more strictly enforced. You need to pay attention to ensure the smooth delivery of your business email.

The benefits of implementing DMARC include:

  • Protects your brand reputation
  • Improves email deliverability
  • Provides valuable insights

Introduction To Smart Home Technology For Small Biz Owners

In the past, the concept of a “smart home” might have conjured up images of futuristic living spaces from science fiction movies. Today, technology such as video telephones and voice-activated lights have made those dreams a reality.

However, with the rapid advancement of technology, some traditional problems persist, such as security vulnerabilities and connectivity issues. If you’re incorporating smart home technology into your small business, understanding these challenges and knowing how to address them is essential.

Here are some of the most common smart home issues and solutions.

Connectivity woes

Problem: Your smart devices frequently lose connection or have slow performance.

Solution: Start by restarting your router and any problematic devices. This often resolves temporary connectivity issues. If problems persist, check the placement of your router. It should be in a central location to evenly distribute the Wi-Fi signal throughout your premises.

For larger spaces, consider investing in a Wi-Fi extender to boost signal strength and expand coverage.

Device unresponsiveness

Problem: Devices fail to respond to commands or operate sluggishly.

Solution: The first step in troubleshooting unresponsive devices is to turn them off and on again. This can clear out any temporary glitches affecting performance.

Additionally, ensure your devices are running the latest software updates, as these can include important fixes and improvements.

Battery drain

Problem: Smart devices are consuming battery power more quickly than expected.

Solution: Adjust the device settings to optimize power usage. Disable unnecessary features and reduce the frequency of updates or checks that the device conducts autonomously. These small adjustments can significantly extend battery life.

Incompatibility issues

Problem: Smart devices don’t communicate or work well together.

Solution: Ensure all devices are compatible with your chosen smart home platform (such as Google Home, Amazon Alexa, or Apple HomeKit). When purchasing new devices, review the manufacturer’s specifications to ensure they can integrate smoothly with your existing setup. This can prevent a lot of frustration and ensure that your devices can work together seamlessly.

Security concerns

Problem: Vulnerability to hacking and unauthorized access.

Solution: Secure all devices with strong, unique passwords. Avoid using default or easily guessed passwords. Implement two-factor authentication (2FA) wherever possible, adding an extra layer of security by requiring a second form of verification to access accounts.

App troubles

Problem: Apps controlling the smart devices frequently crash or lose connection.

Solution: If your app isn’t working correctly, first try logging out and logging back in. This can refresh the app’s connection to your devices. If this doesn’t solve the problem, uninstalling and then reinstalling the app may resolve underlying issues.

Automation gone wrong

Problem: Automated functions don’t operate as expected.

Solution: Review the automation rules you’ve set up and test them one at a time. This approach helps identify where things are going wrong so you can make necessary adjustments.

Limited range

Problem: Devices far from the Wi-Fi router or hub have poor connectivity.

Solution: Move devices closer to your router or smart home hub. This can enhance their communication reliability and speed.

Ghost activity

Problem: Devices activate unexpectedly or exhibit unexplained behavior.

Solution: Investigate any unusual activity thoroughly as it could indicate security issues. Change your passwords regularly and monitor device logs for any unauthorized access.

Feeling overwhelmed

Problem: The complexity of managing a smart home system can be daunting.

Solution: Take advantage of device manuals and online tutorials. These resources can provide valuable guidance on setup and troubleshooting. If needed, don’t hesitate to seek out professional help to ensure your smart home setup meets your business needs efficiently.

By understanding these common issues and solutions, you can better manage smart home technology both at home and in your business, ensuring a smoother, more secure operation. If we can help, please reach out – (734) 457-5000, or info@mytechexperts.com.

It’s Time To Fix Your Risky Password Habits

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

We all know how important it is to keep our data safe, but sometimes our best intentions fall short. And when you have employees, you’re at an increased risk of security threats and bad habits creeping in.

Here’s the deal: Even if you invest in cyber security training, changing long held password habits can be a tough nut to crack. People love convenience, and remembering a ton of complex passwords just isn’t their idea of a good time.

Your employees are juggling dozens of passwords for work and personal use. It’s a lot to handle, and sometimes they slip up and reuse passwords across different accounts. It’s a familiar story, right? And it’s where the trouble starts.

When passwords are reused, it’s like leaving the front door wide open for cyber criminals. If the password is breached on one site, they will try it to access other sites.

Here’s how you can make sure your team stays on top of their password game.

Password audit: Ask your IT partner to do an audit of passwords and look for weak ones that should be changed.

Block weak passwords: Ask your IT partner to implement a password policy that stops common passwords from being used.

Scan for compromised passwords: Even strong passwords can be compromised. Stay one step ahead by scanning for breached passwords and prompting employees to change them.

Use password managers: Password managers securely generate then store a unique password for every different account… and fill them into the login box so your team doesn’t have to.

Multi-Factor Authentication (MFA): Add an extra layer of security with MFA, where you get a code on a separate device. It’s like putting a deadbolt on your front door – double the protection, double the peace of mind.

With the right tools and guidance, password security doesn’t have to be hard work. If we can help you with that, get in touch – (734) 457-5000.

What Is Microsoft’s New Security Copilot?

It can be challenging to keep up with the ever-evolving cyber threat landscape. Companies need to process large amounts of data as well as respond to incidents quickly and effectively. Managing an organization’s security posture is complex.

That’s where Microsoft Security Copilot comes in. Microsoft Security Copilot is a generative AI-powered security solution. It provides tailored insights that empower your team to defend your network. It also works with other Microsoft security products.

Microsoft Security Copilot helps security teams:

  • Respond to cyber threats
  • Process signals
  • Assess risk exposure at machine speed

A big benefit is that it integrates with natural language. This means you can ask questions plainly to generate tailored guidance and insights. For example, you can ask:

  • What are the best practices for securing Azure workloads?
  • What is the impact of CVE-2024-23905 on my organization?
  • Generate a report on the latest attack campaign.
  • How do I remediate an incident involving TrickBot malware?
  • Security Copilot can help with end-to-end scenarios such as:
  • Incident response
  • Threat hunting
  • Intelligence gathering
  • Posture management
  • Executive summaries on security investigations

How does Microsoft Security Copilot work?

You can access Microsoft Security Copilot capabilities through a standalone experience as well as embedded experiences available in other Microsoft security products.

Copilot integrates with several tools, including:

  • Microsoft Sentinel
  • Microsoft Defender XDR
  • Microsoft Intune
  • Microsoft Defender Threat Intelligence
  • Microsoft Entra
  • Microsoft Purview
  • Microsoft Defender External Attack Surface Management
  • Microsoft Defender for Cloud

You can also use natural language prompts with Security Copilot.

Should you use Microsoft Security Copilot?

The pros:

  • Advanced threat detection
  • Operational efficiency
  • Integration with Microsoft products
  • Continuous learning
  • Reduced false positives

The considerations:

  • Integration challenges
  • Resource requirements
  • Training and familiarization

The Bottom Line

Microsoft Security Copilot marks a significant advancement in the world of AI-driven cybersecurity solutions. This cutting-edge system boasts an enhanced ability to detect threats in real-time, greatly improving operational efficiency. Additionally, its wide-ranging integration capabilities make it an extremely versatile tool in the cybersecurity arsenal.

These features render Microsoft Security Copilot an especially attractive option for businesses that are intent on strengthening their digital defense mechanisms.

The decision to implement Copilot in your organization should be tailored to your specific business requirements. It’s important to weigh factors such as your current cybersecurity infrastructure, the resources at your disposal, and the level of commitment your organization is willing to make towards ongoing training and adaptation of this sophisticated AI tool.

Be Careful When Scanning QR Codes

QR codes are everywhere these days. You can find them on restaurant menus, flyers, and posters. They’re used both offline and online. QR codes are convenient and easy to use. You just scan them with your smartphone camera. You’re then directed to a link, a coupon, a video, or some other online content.

With the rise in popularity of QR codes comes an unfortunate dark side. Cybercriminals are exploiting this technology for nefarious purposes. Scammers create fake QR codes. They can steal your personal information. They can also infect your device with malware or trick you into paying money.

It’s crucial to exercise caution when scanning QR codes. This emerging scam highlights the potential dangers lurking behind those seemingly innocent squares.

The QR code resurgence

QR codes were originally designed for tracking parts in the automotive industry. They have experienced a renaissance in recent years as a result, and they’re used as a form of marketing today.

They offer the convenience of instant access to information. You simply scan a code. Unfortunately, cybercriminals are quick to adapt. A new phishing scam has emerged, exploiting the trust we place in QR codes.

How the scam works

The scammer prints out a fake QR code. They place it over a legitimate one. For example, they might stick it on a poster that advertises a product discount or a movie.

You come along and scan the fake QR code, thinking it’s legitimate. The fake code may direct you to a phishing website. These sites may ask you to enter sensitive data such as your credit card details, login credentials, or other personal information.

Or scanning the QR code may prompt you to download a malicious app. One that contains malware that can do one or more of the following:

  • Spy on your activity
  • Access your copy/paste history
  • Access your contacts
  • Lock your device until you pay a ransom

The code could also direct you to a payment page. A page that charges you a fee for something supposedly free.

Tactics to watch out for

Malicious codes concealed: Cybercriminals tamper with legitimate QR codes. They often add a fake QR code sticker over a real one. They embed malicious content or redirect users to fraudulent websites.

Fake promotions and contests: Scammers often use QR codes to lure users into fake promotions or contests. When users scan the code, it may direct them to a counterfeit website.

Malware distribution: Some malicious QR codes start downloads of malware onto the user’s device.

Tips for safe QR code scanning

Verify the source: Verify the legitimacy of the code and its source.

Use a QR code scanner app: Use a dedicated QR code scanner app rather than the default camera app on your device.

Inspect the URL before clicking: Before visiting a website prompted by a QR code, review the URL.

Avoid scanning suspicious codes: Trust your instincts. If a QR code looks suspicious, refrain from scanning it.

Update your device and apps: Keep your device’s operating system and QR code scanning apps up to date.

Be wary of websites accessed via QR code

Don’t enter any personal information on a website that you accessed through a QR code. This includes things like your address, credit card details, login information, etc. Don’t pay any money or make any donations through a QR code.