Skip to content Skip to navigation
Vassar
Skip to global navigation Menu

QR codes are convenient, but are they safe?

Using Bitly URLs and QR codes on flyers and other promotional materials is tempting, especially when trying to reach our mobile-centric student audiences. But are they safe?

Sadly, what makes QR codes and short URLs easy to use can also make them risky. Since the destination is concealed from the visitor, it’s difficult to know for sure that it doesn’t link to malware or a phishing site. Paper posters and flyers are easy to hack. A malicious person can replace the poster, sticker over a portion of it, or leave a stack of flyers.

So how can we safely share links with the Vassar community?

Always check URL destinations before proceeding. You can long-press-and-hold on mobile devices to check URL and QR code destinations before opening the link. You can hover a link on your computer to inspect link destinations.

Use a Vassar branded short URL and QR code. You can use this service to turn any link into an official Vassar URL that will begin with "go.vassar.edu". You can also request an accompanying branded QR code which is much harder to fake and looks like the example below. Scanning the example QR code will take you to the form to request a short URL and QR code (this is an excellent time to practice checking the destination before scanning!).

Use digital signage. It's safe to put a short URL or a QR code on a digital sign because we can trust the source.

Get your event on the official events calendar. Events on the calendar will appear in multiple places, including Vassar Mobile. Your flyer or poster can then read something like, "For more details, tap Events in Vassar Mobile and look for Tasty Tuesday every Tuesday during the Academic Year."

Events for students also appear in the Upcoming Events feed on the student home screen of Vassar Mobile. You can't get more visible than that!

Post information at an official Vassar URL. If your group or org doesn't have a website, you can make a Google Site by going to sites.vassar.edu/new. The resulting URL will be something like this "sites.google.com/vassar.edu/myorg". It has vassar.edu in the URL, so visitors will know it's safe. You can shorten the URL further by requesting a go.vassar.edu URL as explained above.