What are QR Code Scams
A QR code is a square code (similar to a bar code) that can be easily read by a digital device such as your phone. It stores information as a series of pixels that contain data for a locator, an identifier, and for web-tracking. They have become extremely common among marketers for their efficiency in directing potential customers to a website, alleviating the need for users to type the URL directly into a web browser. However, as the use of new technology like this grows, so does the risk of criminals attempting to exploit its unsuspecting users.
The FBI has recently issued a warning to Americans that they should exercise more caution when scanning QR codes with their smartphones, due to reports of cybercriminals tampering with codes to try and steal the victims personal or financial information. Criminals use these altered QR codes to direct victims to malicious websites to steal their data, embed malware into a victim’s device, or even redirect their payments into their own accounts. Stephanie Walker, assistant section chief of the FBI Cyber Division, told ABC news, “What happens when you scan a QR code that isn’t the one you’re supposed to be scanning is that it can give the criminal access to your phone, which then allows them access to any apps that you normally use. It can also drop some sort of computer intrusion type software that can alter your phone and steal credentials." The FBI also stated that cryptocurrency fraud is another area of concern, due to crypto transactions often being made through QR codes associated with the user’s account.
How to Protect Yourself from QR Code Scams
The FBI has offered several tips that can help you steer-clear of phony QR codes and better protect your data:
- Ensure that the website address, or URL, that pops up appears legitimate and is the intended site before clicking. Domain name misspellings, domain names containing hyphens or symbols, shortened URLs, or domains entirely made up of numbers should raise immediate red flags.
- Exercise caution when providing personal or sensitive information after scanning a QR code.
- Be cautious when downloading apps directly from QR codes. Instead, rely on your phone’s app store for safer downloads.
- If ever prompted to complete a payment via QR code in an email, contact the company directly to confirm the authenticity of the message.
- Avoid downloading QR code scanner apps to minimize the risk of malware (most smartphones already have built-in QR code scanning features within their camera apps).
- Avoid making payments through a site navigated from a physical QR code. Instead, manually type the URL into your web browser to avoid any potential malicious alterations made to the code.