Cyber Bytes: Don’t get swindled by QR Code Scams
You receive a package containing a Bluetooth speaker you didn’t order. It’s addressed to you but doesn’t say where it’s from. The package includes a manufacturer’s quick response (QR) card asking you to scan it for more information about your gift. You scan the code to see who it’s from. Instead of getting information, you get hacked. The QR code is bogus. The link gives the hackers access to your device before you know about the scam. They steal your banking information, drain your account and sell your data on the dark web.
This is a real-life scam called “brushing.” Scammers exploit your curiosity with an actual gift to catch you off guard. Learn more about QR codes and how to protect your data.
What are QR codes?
QR codes let you navigate to a website or other digital information without typing in a web address. From cashless vendors to product information to merchant offers to airline boarding passes, QR codes make it easier to share information digitally.
QR codes are like barcodes on products at the grocery store. But instead of lines, they look like an image of tiny squares on a white background. Your smartphone’s camera can read the information embedded inside the code. QR codes usually contain hyperlinks that take you to a website, discount coupon, menu or payment platform without requiring you to type anything into your browser.
QR codes have been around since the 1990s, but they’ve been rising in popularity worldwide since 2020. Businesses like them because they’re customizable and give targeted insight into consumer behavior.
Customers like them for their convenience and interactivity. Criminals like them because people aren’t paying attention, making it easier to lure victims to fake sites. This is known as “quishing.”
The Federal Trade Commission (FTC) has reported a rise in QR code swindles and is warning consumers to stay vigilant when using them.
How criminals use QR codes to scam you
QR codes loaded with malicious hyperlinks can bypass email security software, making phishing easier. Phishing is when scam artists trick you into giving them your personal information by pretending to be a company or service you trust. For example, they might send you an email or text that looks like it’s from your bank and ask you for your account details.
In a QR code scam, criminals embed false hyperlinks into QR codes and pass them off as authentic. You scan the codes, believing you’re going to a trusted company’s website. Instead, you end up on a fake but identical- looking site. Once you’re on the site, the crooks trick you into giving up personal information or downloading malware.
Criminals also tamper with publicly accessible QR codes. They put their corrupt codes over legitimate ones and wait for you to log in. From there, they steal personal information, passwords or financial details. Think parking payment meters that request credit card information or connections to Wi-Fi networks that can sniff out your phone activity.
Here are some other ways crafty criminals can con you with QR codes, according to the FTC:
Undeliverable package: They send a text stating you’ve missed a delivery and ask you to scan a QR code to reschedule before it’s returned. At the site, they request a password or credit card information to verify your identity. But instead of rescheduling a delivery, they steal your account information.
Mystery gift or ‘brushing’: This is a variation of the undeliverable package scam, except you really get a gift. It may be something like a speaker, jewelry or a makeup brush. Hackers do this because the value of your data far outweighs the cost of the gift.
Problem account: They send an email saying you’ve got a problem with your account. They tell you to scan a QR code to verify your account information so it won’t be deactivated. Instead of fixing your account, they steal your login information and use it for themselves.
Suspicious activity: They ask you to scan a QR code to stop fraudulent activity on your account. The code takes you to a site where they tell you to log in using your banking information. Once you do, they steal your information and drain your account.
Beware of urgent requests and fear tactics
The pattern among most scams is a sense of urgency, curiosity or emotional appeal, like fear. Resist the temptation to act on a seemingly urgent text or email and take a breath instead. Scammers don’t want you to think clearly. They want you to remain emotional and confused. This makes it easier to take advantage of you.
Legitimate companies will not ask you to disclose passwords, account numbers, authentication codes or Social Security numbers. If it doesn’t feel right, it probably isn’t. Trust your gut.
Avoid becoming a victim of a QR code scam
You can avoid becoming a victim of a QR scam with these tips:
Scan trusted codes: Don’t scan random QR codes, no matter how tempting. Publicly accessible QR codes that are easy to tamper with are prime targets for criminal operations. Only scan codes from reliable sources.
Verify the web address before acting: Some QR scanner apps can show you the destination website before opening it. Inspect the QR code hyperlink. Check for spelling errors, odd email addresses or redirects. If the link doesn’t look right, don’t click on it. Contact the company or manufacturer directly.
Update your device software: Update your mobile device and QR scanner apps regularly. Device updates usually include security patches that can protect against new threats.
Use QR code scanner apps with security features: Use a scanner with built-in safety. If your email antimalware software misses a threatening link, your secure QR code scanner might catch it. Some QR code scanners automatically save contact lists and read product bar codes.
Beware of Wi-Fi QR codes: Only scan Wi-Fi codes if you trust the host. These QR codes allow guests to connect to Wi-Fi networks without needing to log in, but they can also be malicious in the hands of a scammer. If the code looks out of place or suspicious, do not use it. Verify the Wi-Fi login with the establishment or ask an employee to give you a new code.
Report scams: If you encounter or suspect a QR code scam, report it to the Internet Crime Complaint Center. Your information could help combat future fraud.
QR codes are trending, and criminals are never far behind in exploiting trends. Use your knowledge and think before you scan. Stay cybersafe out there!
This content is for informational purposes only and not for the purpose of providing professional, financial, medical or legal advice. You should contact your licensed professional to obtain advice with respect to any particular issue or problem.
Copyright © 2024 Applied Systems, Inc. All rights reserved.