Beware of Fake QR Code Scams

QR Codes are Everywhere

A quick response (QR) code is a square-shaped matrix barcode that can be read easily by a digital device. QR codes have been used for years to track product information and in marketing and advertising campaigns. Today, QR codes are customized for many different purposes, replacing paper menus in restaurants, getting a new app, going to a website, or use in medical facilities.

What is a Fake QR Code Scam?

Cybercriminals increasingly use malicious QR codes to trick consumers. QR con artists use new technology to get your banking information or hold your smartphone hostage by creating fake QR codes to scam the user. Both the Better Business Bureau and the FBI have noticed a growth in QR scams misleading consumers.

The FBI issued a QR code warning that says criminals are tampering with QR codes to redirect victims to malicious sites to steal login and financial information. A few years ago, scammers started putting stickers of fake QR codes over the real ones on restaurant tables, parking meters, flyers, or other public places where the codes were being used. They also send them out via email, claiming to offer deals or promotions.

How Does a QR Scam Work?

After replacing a legitimate QR code with a fake one, the cybercriminal prompts users to enter financial or personal information on a malicious website. The scammer can potentially steal funds and business or personal data from there. The QR code scams vary, but the goal is for the user to scan the code right away without taking a closer look at the QR code.

Hackers may also use QR codes in phishing emails because their codes aren’t picked up by security software, giving them a better chance to reach their intended targets than via the usual phishing attempts via attachments and bad links.

How to Prevent Being a Victim of a Fake QR Code?

QR codes are not naturally a malicious tool, so it is critical to practice caution when entering personal or financial information or providing payment via a site navigated by scanning a QR code.

Here are a few tips to prevent you or your business from becoming a victim of a cyber attack from a fraudulent QR code:

  • Codes embedded in emails are always a bad idea. Delete these emails immediately and notify your IT security team.

  • If a QR code leads you to a login screen, NEVER enter your credentials or login information.

  • Think before you scan the QR code. Be especially wary of codes posted in public places.

  • Take a good look at the QR code before scanning to see if it could be an added sticker or part of a bigger sign or display.

  • When you do scan a QR code, take a good look at the website that it led you to. Does the website look like you expected it to?

  • Be wary of QR codes sent via social media. Threat actors notoriously use hacked social media accounts to conduct these attacks.

  • Preview the URL from the QR code before clicking on it. Your phone will tell you the destination a QR code is trying to send you.

  • Never download a QR code scanning app. Only use your phone’s camera.

  • Do not download an app from a QR code. Use your phone’s app store for a safer download.

  • Avoid making payments through a website navigated from a QR code. Instead, manually enter a known and trusted URL to complete your payment.

Dan Zeiler

dan@zeiler.com

877-597-5900 x134

Dan Zeiler