What are QR Code Scams
A QR code is a square code (similar to a bar code) that can be easily read by a digital device such as your phone. It stores information as a series of pixels that contain data for a locator, an identifier, and for web-tracking. They have become extremely common among marketers for their efficiency in directing potential customers to a website, alleviating the need for users to type the URL directly into a web browser. However, as the use of new technology like this grows, so does the risk of criminals attempting to exploit its unsuspecting users.
The FBI has recently issued a warning to Americans that they should exercise more caution when scanning QR codes with their smartphones, due to reports of cybercriminals tampering with codes to try and steal the victims personal or financial information. Criminals use these altered QR codes to direct victims to malicious websites to steal their data, embed malware into a victim’s device, or even redirect their payments into their own accounts. Stephanie Walker, assistant section chief of the FBI Cyber Division, told ABC news, “What happens when you scan a QR code that isn’t the one you’re supposed to be scanning is that it can give the criminal access to your phone, which then allows them access to any apps that you normally use. It can also drop some sort of computer intrusion type software that can alter your phone and steal credentials."
There are several ways scammers implement QR code scams. Typically, these scams are physical and not sent through SMS messages or emails. Scammers often place fraudulent QR code stickers over legitimate ones, such as those on parking meters, physical advertisements, or product packaging. They have also been known to send fake letters or packages containing malicious QR codes. These packages or letters often include free items, with the fake QR code intended to exploit the recipient’s curiosity to find out more about the unexpected gift. It’s crucial to exercise caution whenever you scan a QR code and to know how to protect yourself from accidentally scanning a fraudulent one.
How to Protect Yourself from QR Code Scams
The FBI has offered several tips that can help you steer-clear of phony QR codes and better protect your data:
- Ensure that the website address, or URL, that pops up appears legitimate and is the intended site before clicking. Domain name misspellings, domain names containing hyphens or symbols, shortened URLs, or domains entirely made up of numbers should raise immediate red flags.
- Check to see if the code you're scanning doesn't have a sticker placed over the original code.
- Do not scan QR codes from unexpected mail
- Exercise caution when providing personal or sensitive information after scanning a QR code.
- Be cautious when downloading apps directly from QR codes. Instead, rely on your phone’s app store for safer downloads.
- If ever prompted to complete a payment via QR code in an email, contact the company directly to confirm the authenticity of the message.
- Avoid downloading QR code scanner apps to minimize the risk of malware (most smartphones already have built-in QR code scanning features within their camera apps).
- Avoid making payments through a site navigated from a physical QR code. Instead, manually type the URL into your web browser to avoid any potential malicious alterations made to the code.