I really like QR codes and am seeing them more and more in my neighbourhood, being incorporated on posters for restaurants, church groups and yoga classes. But as the popularity increases, so do the opportunities for malevolence.

Wadds recently explored QR codes as an engagement mechanic, so they were fresh on my mind when the Canadian media covered an embarrassing QR code mistake on Friday. A high profile politician’s election sign used a QR code, but instead of pointing to Liberal.ca, the party website, it apparently pointed Luberal.ca, a pornographic website dedicated to “encouraging the liberal use of lube in sexual encounters.”

This was, however, a Montreal freelance journalist’s hilarious April Fools gag, but still a very possible blunder. This example would have been a typo, but a QR code could also be purposely used to direct you to a misleading site. Like URL shorteners, with QR codes you aren’t really sure what you are opening up. Criminals take advantage of URL shorteners to make phishing URLs less suspicious to detection. As we are increasingly using smartphones to handle sensitive information and financial transactions, and mobile malware is quickly evolving, how long until our phones become a major target and we see criminals using QR codes to send us to infected sites?