QR Codes at Events: Enhancing Convenience or Risking Security?

In today's digital landscape, QR codes have become an integral part of events, providing a seamless user experience and enhancing efficiency. However, with convenience comes the risk of security threats like 'quishing'—QR code phishing that deceives attendees into sharing sensitive information. As events increasingly incorporate these codes, understanding and mitigating the risks associated with them is crucial.

Understanding Quishing

The term 'quishing' refers to a form of phishing that uses QR codes to direct unsuspecting users to malicious sites. These sites often mimic legitimate event platforms and request personal information under false pretenses. A recent anti-fraud convention in Singapore showcased the ease with which scammers can exploit these codes. Attendees were presented with a fake QR code that promised expedited access, illustrating the potential dangers of blindly trusting unverified QR codes.

How Quishing Occurs

According to Lorela Chia, managing director of GR8 Dreams, quishing often involves rogue microsites that impersonate official event pages, complete with counterfeit speaker and sponsor lists. Additionally, some attackers employ deep-link phishing techniques disguised as feedback forms. Beyond QR codes, event participants may receive fake emails or texts claiming to offer event updates, which attempt to gather personal details or install malicious software.

The Cybersecurity Responsibility of Event Organisers

Event organisers, especially those handling B2B events, bear a significant responsibility in safeguarding not only personal information but also sensitive business data. As Chia points out, high-level conferences often involve the exchange of valuable information, necessitating a robust cybersecurity framework. Organisers must transcend traditional methods and adopt rigorous security protocols tailored to the unique risks of business events.

Effective cybersecurity measures include using branded, tamper-evident QR codes linked to a verified domain, ensuring staff are trained to direct attendees to official scanning points, and centralising communication channels to reduce the risk of misinformation.

Educating Attendees

Brett Han, managing director at iCube Events, emphasizes the importance of education in combating quishing. Visible reminders urging attendees to scan only official QR codes and providing pre-event briefings can significantly mitigate risks. Encouraging the use of the event's official app for QR code scanning and ensuring the physical codes are displayed in controlled, monitored areas are additional preventive steps.

Internal Data Management Practices

Internally, event organisers must also enhance data governance practices. Chia advises against indiscriminate data collection, advocating for transparency through a 'Data Use Statement' at registration. Implementing two-factor authentication for staff managing attendee data and avoiding unmoderated public Wi-Fi are recommended security protocols.

The Role of QR Codes in Event Management

Despite the risks, QR codes offer significant advantages in the event management sector. Atika Rosli, chief executive at Beyond Events, notes that when security measures are clear and visible, the benefits of QR codes—such as reducing paper waste, streamlining check-in, and facilitating contactless interactions—outweigh the potential threats. They not only enhance the attendee experience but also provide valuable data insights for organisers.

While there is a growing awareness of digital risks, attendees continue to appreciate the convenience of QR codes. As Han suggests, much like credit card fraud, security measures and guarantees will encourage continued use of QR codes despite potential threats.

Building Trust in Digital Tools

Rather than eliminating QR codes, the focus should be on building trust through visible security measures and fostering a culture of cautious digital engagement. As attendees become more discerning, they will seek out trust signals and avoid platforms that lack clarity or security. Organisers must ensure that their digital interactions are secure, transparent, and user-friendly.

In conclusion, while quishing presents a legitimate threat, it also serves as a timely reminder for event organisers to fortify their security measures. By adopting a comprehensive approach to cybersecurity and educating attendees, the event industry can continue to leverage QR codes effectively, enhancing both the efficiency and security of events.