The dangers of a bouncing QR code

By LAURA HAIGHT

We are all attracted to the unusual. Especially if it is a bright, shiny object like, perhaps, a bouncing QR code winking at us from 114 million TV screens.

An ad for Coinbase, a crypto company, aired during the Super Bowl doing just that. 20 million snap-happy people scanned the code that took them to a subscription page on the Coinbase website. Good thing that’s where it took them, since for 95 percent of its air time, there was no indication on the screen of what company was running this ad or where the QR code would take you.

It’s a graphic illustration of why hacking, cyber crime, and malware are so successful. Because we are horrible at protecting ourselves.

A QR code is nothing more than a potentially risky link with a pretty face.

When we work with clients on risk assessments, we often find that there is a chasm between what people know about cyber security and what they do.

Dig down into the big hacks and data breaches of the past and you find every one began when one authenticated user did something they shouldn’t have, clicked/downloaded something dangerous, or didn’t do something they were supposed to do.

It takes time to execute a major cyber crime or data breach, but it has to start with gaining access. And that door can be opened by anyone, from a mail room clerk to the CEO, clicking on a potentially dangerous link.

In the Coinbase case, QR snappers didn’t even know the company name or what they were expecting when they got there. It shows how vulnerable our personal data and our company data are in the hands of our own trusted users.

The lesson for businesses here: Don’t assume everyone knows about the danger of links in emails or on websites. Keep cybersecurity on the front burner of employee communications.

For individuals: Just don’t.
