Gotcha.
You just scanned a random QR code off a wall. Point, tap, teleported - and until this screen loaded, you had no idea where it would take you. Be honest.
Relax, this one is friendly. It is us, the OmniIT team, saying hello. Give us the length of one lift ride to talk about that reflex.
The reflex
You aimed at a pattern of squares and tapped whatever came up.
No one made you. There was no name on it, no promise, no preview. A shape on a wall said "scan me" and you did - the way most of us would.
That instinct is the whole conversation. Someone friendly used it today. Someone else could use it tomorrow.
A link wearing a disguise
A QR code is just a web address in fancy dress. Your eyes cannot read those little squares - only your camera can.
On a normal link you can rest your finger to preview where it goes before you commit. A printed square gives you nothing to check. By the time you can read the address, you have already arrived.
You are trusting that whoever printed it meant you well. Most of the time, they did. "Most of the time" is exactly the gap a scam lives in.
How the trick works
- Stickers happen. A fake code slapped over a real one - on a parking meter, a menu, a poster exactly like the one you just met - and you would never spot the swap.
- Lookalike pages harvest logins. The link can land on a page dressed up as your bank or your email, quietly pocketing your password. It even has a name: quishing, QR phishing.
- No preview, no undo. There is nothing to hover, nothing to hesitate over. The tap and the arrival are the same moment.
The one thing to remember
Do not trust the QR.
Trust the source.
If a poster tells you to visit omnia.co.za, open your browser and type omnia.co.za yourself. Reaching a place you know by a route you chose beats being flung somewhere by a square you could not read. The destination is the same - only the risk is different.
A three-second gut check
Before your next scan, run these three:
- Do I actually know and trust whoever put this code here?
- Could I reach the same place by simply typing the address?
- When the link preview pops up, does it match the brand I expect - before I tap Open?
Lesson over.
Gotcha, with love.
Now go and enjoy OmniIT Friday - you earned it by being a good sport about all this.
PS: the code on that poster really was ours. This time.
With love, from
The Omnia IT Security team
& Berserker, HyperX Security