Is This the New Look of Phishing?

By DoIT Communications


Security Training and Awareness Working Group

Date Released: 5/5/2022

Cybersecurity Advisory 

            QR, or Quick Response, codes are one of the quickest ways to get more information about a topic or advertisement.  However, just like links sent through email or text, these codes can be misleading or purposely malicious.  The best way to protect yourself from fraudulent links is to verify the address before proceeding to the site.  

            Windows and Mac - Hover your mouse over the link to display the true web address 

            Android and iPhones - Press and hold the link for a few seconds to display the website the link will lead to. Be extra careful not to click by mistake!

            QR codes - The reader apps will display the URL before going to the linked page. Verify the address is what you expect before following the link.  (Left: iOS, Right: Android)















          Link shorteners (bitly, tiny URL) - Sometimes a sender will use a link shortening service to make the links more manageable, but this can also obscure where the link will direct you.  There are sites available, such as, that will expand shortened links, allowing you to see the true address.  

           It takes just a few moments to use these tips to verify a link is legitimate, but this could save you hours of headache later.  If you receive a message and would like the Information Security team to review its legitimacy, you can email it to PhishBowl@stonybrook or contact the service desk for assistance. 


Thank you all and stay safe, 

SBU Security Training and Awareness Working Group