Cyber Bytes: Don’t Get Swindled by QR Code Scams

Quick response (QR) codes allow you to navigate to a website or other digital information without typing in a web address. From cashless vendors to product information to airline boarding passes, QR codes made it easier to share information digitally.

QR codes are like barcodes on products at the grocery store. But instead of lines, they look like an image of tiny squares on a white background. Your smartphone’s camera can read the information embedded inside the code. QR codes usually contain hyperlinks that take you directly to a website, discount coupon, menu or payment platform without requiring you to type anything into your browser.

QR codes have been around since the 1990s, but they’ve been rising in popularity worldwide since 2020. Businesses like them because they’re customizable and give targeted insight into consumer behavior. Customers like them for their convenience and interactivity. Criminals like them because people aren’t paying attention, making it easier to lure victims to fake sites. This is known as “quishing.”

The Federal Trade Commission (FTC) has reported a rise in QR code swindles and is warning consumers to stay vigilant when using them.

How criminals use QR codes to scam you
QR codes loaded with malicious hyperlinks can bypass email security software, making phishing easier. Criminals embed false hyperlinks into QR codes and pass them off as authentic. You scan the codes, believing you’re going to a trusted company’s website. Instead, you end up on a fake but identical-looking site where crooks trick you into giving up personal information or downloading malware.

Criminals also tamper with publicly accessible QR codes. They put their corrupt codes over legitimate ones and wait for you to log in. From there, they steal personal information, passwords or financial details. Think parking payment meters that request credit card information or connections to Wi-Fi networks that can sniff out your phone activity.

Here are some other ways crafty criminals can con you with QR codes, according to the FTC:

• Undeliverable package: They send a text stating you have a delivery, asking you to scan a QR code to reschedule before it’s returned. At the site, they request a password or credit card information to verify your identity. But instead of rescheduling a delivery, they steal your account information.
• Problem account: They send an email saying you’ve got a problem with your account. They tell you to scan a QR code to verify your account information so it won’t be deactivated. Instead of fixing your account, they steal your login information and use it for themselves.
• Suspicious activity: They ask you to scan a QR code to stop fraudulent activity on your account. The code takes you to a site where they tell you to log in using your banking information. Once you do, they steal your information and drain your account.

Beware of urgent requests and fear tactics

The pattern among most scams is a sense of urgency, curiosity or emotional appeal, like fear. Resist the temptation to take action on a seemingly urgent text or email and take a breath instead. Scammers don’t want you to think clearly. They want you to remain emotional and confused. This makes it easier to take advantage of you.

Legitimate companies will not ask you to disclose passwords, account numbers, authentication codes or Social Security numbers. If it doesn’t feel right, it probably isn’t. Trust your gut.

Avoid becoming a victim of a QR code scam

You can avoid becoming a victim of a QR scam with these tips:

• Scan trusted codes: Don’t scan random QR codes, no matter how tempting. Publicly accessible QR codes that are easy to tamper with are prime targets for criminal operations. Only scan codes from reliable sources.
• Verify the web address before taking action: Some QR scanner apps can show you the destination website before opening it. Confirm the QR code hyperlink. Check for spelling errors, odd email addresses or redirects. If the link doesn’t look right, don’t click on it. Contact the company directly.
• Update your device software: Update your mobile device and QR scanner apps regularly. Device updates usually include security patches that can protect against new threats.
• Use QR code scanner apps with security features: Use a scanner with built-in safety. If your email antimalware software misses a threatening link, your secure QR code scanner might catch it. Some QR code scanners automatically save contact lists and read product bar codes.
• Beware of Wi-Fi QR codes: Only scan Wi-Fi codes if you trust the host. These QR codes allow guests to connect to Wi-Fi networks without needing to log in, but they can also be malicious in the hands of a scammer. If the code looks out of place or suspicious, do not use it. Verify the Wi-Fi login with the establishment or ask an employee to give you a new code.
• Report scams: If you encounter a suspected QR code scam, report it to the Internet Crime Complaint Center. Your information could help to combat future fraud.

QR codes are trending, and criminals are never far behind in exploiting trends. Use your knowledge and think before you scan. Stay cybersafe out there!