Quick Response codes, popularly known as QR codes, have been around for a while (since 1994!). So why are these square, patchy-looking bar codes suddenly such a big concern?
As more businesses are going contactless for sanitary reasons due to the pandemic and heightened public health safety, QR codes have become more ubiquitous in familiar places like:
- Parking meters
- Restaurant tables in lieu of menus
- Near a vendor’s cash register/checkout area
- Retail store fitting rooms
- Airports
- And even emails
The QR code’s popularity and ease of use hasn’t gone unnoticed by scammers who have been using their own codes to trick people into providing their private data – like phone numbers, email addresses, usernames, passwords, and financial account numbers.
How QR Code Scams Work
When scanned with your mobile phone’s camera, QR codes conveniently allow you to:
- Quickly open a browser on your phone and automatically navigate to the code’s programmed website address (URL) without you having to manually type it in yourself
- Quickly download an app by opening the app store on your phone and automatically directing you to the application’s download screen
- Pay for goods or services without physical cash or having to swipe or tap credit/debit cards
These convenient features of the QR code enable a scammer to simply print out their own QR code sticker and place it on top of a legitimate code or place their fraudulent sticker in a public place – like on a parking meter, public sign, or even on a fake parking ticket!
Then, scanning the fraudulent QR code could pull up a phishing website in your mobile web browser. This website will likely mimic the appearance of a legitimate website and contain fields for you to enter personal or financial information, such as your username and password or credit/debit card number.
Or the scammer could use their phony QR code to download malware onto your phone so that they can directly access sensitive data on your device. They might try to access your phone’s location in order to track you or to collect any financial info stored on the phone – or even try to access pictures and accounts to use as leverage in an extortion attempt.
Scammers are also known to use their forged QR codes to redirect payments to their own financial accounts instead of to the intended legitimate vendor you’re trying to pay.
How To Protect Yourself
The FBI outlines 8 ways to protect yourself from QR code scams at ic3.gov. Here are their tips to stay safe:
Based on the FBI’s advice, it might be best to pass on QR codes altogether despite their ease of use. But if you absolutely need to scan a QR code, be sure to download an app that can screen it for malicious activity. A few good free options are:
- Sophos Intercept X for iPhone and Android
- Kaspersky QR Scanner for iPhone and Android
- Trend Micro for iPhone and Android
If You’ve Encountered a Scam
If you think you or someone you know have come across a QR code scam, you can report the fraudulent code in two ways:
- At your local FBI field office, which you can find on a list at https://www.fbi.gov/contact-us/field-offices
- Via the FBI’s Internet Crime Complaint Center (IC3) at https://www.ic3.gov/Home/FileComplaint
Stay safe out there!
Related Articles:
– Good Passwords: How to Protect Yourself from Hackers
– Apple AirTag Stalking: How To Keep Yourself Safe