Super Bowl commercial unintentionally raises flag about QR code dangers

PITTSBURGH — Cybersecurity expert Dan Desko, CEO of Echelon Risk and Cyber, said the real winner during the Super Bowl was a cryptocurrency company called Coinbase.

The company’s $14 million Super Bowl ad that consisted of a QR code floating around the screen turned out to be clickbait for millions. In fact, so many people scanned that code that it crashed their website.

Desko said the company knew it was going to get this attention.

“Any PR is good PR, right? I think they saw it coming,” Desko said.

While there was some incentive to scan the code -- a $15 giveaway -- many were upset about how irresponsible it was to promote something like this.

Desko said scanning the wrong QR code can be dangerous, and so did the FBI just last month when it put out a warning about QR code scams run by cybercriminals tampering with the codes to redirect people’s phones to malicious sites to steal your personal information.

>>RELATED STORY: FBI warning: criminals using fake QR codes to steal money

Desko said if you do scan a malicious QR code, you still have time to prevent becoming a victim.

“Most of the time, you still have to follow another prompt or two. You’ll still have to enter your credentials somewhere, or maybe it’ll ask you to download something,” Desko said.

Desko said you should always validate where the QR code is coming from and never scan a random QR code, such as one you might see on the street.

For Apple customers, the camera app on the phone is also a big help.

“The camera app shows you where that link is taking you before you actually go there, so you do have the chance to say yes or no,” Desko said.