Editorial comment
Five years on from the start of the COVID-19 pandemic, it’s clear that the crisis has reshaped the way that we interact with the world. Remote work is no longer a perk but a norm for millions. E-commerce has tightened its grip on retail. Education has shifted into hybrid formats. Even our social habits have been reshaped by a new awareness of proximity and hygiene.
Register for free »
Get started now for absolutely FREE, no credit card required.
The pandemic pushed us into a digital acceleration that few would have predicted beforehand. Among the many technologies that surged in relevance – video conferencing platforms, mobile payment systems, and digital health apps, to name just a few – one quietly made its way from novelty into the mainstream: the humble QR code. Once a niche utility, overlooked and forgotten, the little black and white square became a symbol of contactless convenience.
I wrote about the surprising revival of the QR code back in 2020, in an editorial comment for our Tanks & Terminals supplement. At the time, the QR code had emerged from the digital wilderness to take centre stage in our social interactions, offering a gateway to restaurant menus, vaccine records, contact tracing, and touchless transactions.
There had been a time – years before – when the QR code had burst onto the scene. Flick through an issue of Hydrocarbon Engineering from the early 2010s and you will find it littered with QR codes. But their early mainstream use stumbled due to a number of reasons: smartphones needed third-party apps to scan the codes, data connections weren’t as reliable as they are now, and the user experience was often clunky. The big gamechanger for the technology was the ability to scan the codes using smartphone cameras (and a global pandemic, of course).
However, the QR code has a new nemesis that is threatening to damage user confidence: quishing. In a rising trend, scammers are using QR codes to direct users to malicious websites and carry out phishing attacks. Here in the UK, the national fraud reporting centre received 1386 reports of people being targeted in 2024 (up from just 100 cases in 2019). Contactless payment hotspots, such as parking meters and restaurant menus, are common targets for the criminals, who stick their own QR codes on signage in the hope of directing users to their websites and tricking them to hand over their bank details. Fraudulent codes have also been spotted on television and in email campaigns. In fact, back in May 2023, a major quishing attack targeted a US energy company. Attackers sent fake Microsoft emails that encouraged users to update security or enable multi-factor authentication. Scanning the embedded QR code led victims to a fake Microsoft login page, compromising over 1000 accounts.1
Quishing is just another cyberthreat facing the energy sector, and the case study above should serve as a wake-up call for the industry. The cyberattack bypassed many traditional email filters and capitalised on employee trust in visual prompts. In a sector as critical as energy, the incident highlights how urgently companies must adapt their cybersecurity strategies to match the pace of evolving threats.
Rest assured, all QR codes featuring in this issue of Hydrocarbon Engineering have been scanned and vigorously checked. You can use them to access a wealth of information from our advertisers, as well as register for one of our upcoming webinars (p. 20), download a copy of our EnviroTech supplement (p. 55), access the latest issue of Global Hydrogen Review magazine (p. 63), and listen to the Hydrocarbon Engineering Podcast (inside back cover).
