Hyperlinks and Quick Response (QR) codes are used to direct users to specific internet addresses. Because both linking techniques carry the risk of leading users to unsafe websites, anyone who uses them should be familiar with best practices.
QR codes add a dynamic and useful element to printed materials, signs and display screens, so they are attractive for content creators. However, they should be used in limited situations.
When to use
Do you create emails, documents, web pages or social media posts that will be shared digitally?
- Do not use a QR code. Use a hyperlink within the content since users will be able to click the link without scanning anything.
- Hyperlinking is a little different in every system, but you can typically highlight the terms you want to link and right click or click on a chain-link icon to add the link to the hyperlink field.
- If character limits or other constraints call for a shortened URL, use this secure UTMB-managed link shortening tool.
Do you create flyers, posters or other material for hanging, displaying or handing out in the physical world?
- Consider using a QR code. However, as a user, if the QR code is displayed in a public place, it might not be safe. Bad actors can cover QR codes with their own QR code stickers, leading users to unsafe web addresses. Quishing, much like phishing, is an attempt to access your personal information, compromise your accounts or gain access to secure resources.
- To create your own QR code, choose only safe applications. UTMB creators routinely use Adobe InDesign. Avoid free online QR code generators due to privacy and safety concerns. The creator of the "free" generator may track your activity or mine personal data. Also, QR code generators may be used to redirect users to malicious websites. (Although they seem to be creating a QR code for the website you input, the QR code you get directs users to a malicious address where they may be targets of quisihing schemes or other fraud.)
- For more help with generating QR codes securely, contact the university print shop at print.order@utmb.edu. For more specific information about how to make your QR code meet UTMB official branding guidelines, contact branding@utmb.edu.
Avoiding Threats
How can users avoid following hyperlinks and QR codes to malicious web addresses?
- A user may be able to hover over the hyperlink with a mouse and review the pop-up on the bottom left of the browser window to verify the web address. This adds a layer of safety since the user can choose whether to follow the link.
- After scanning a QR code with a mobile device, the user should carefully review the web destination, especially if personal data or login credentials are being requested. This adds a layer of safety, since the destination web page might be malicious and cloned to look like a legitimate site. Always be suspicious and exercise caution.
The above content was adapted from the June 2024 edition of the UTMB TechKnow newsletter, a resource from UTMB Information Technology Services.