Our Tip Sheet Info:
BE CAREFUL WHEN SCANNING QR CODES
QR codes are everywhere these days. You can find them on restaurant menus, flyers, and posters. They’re used both offline and online. QR codes are convenient and easy to use. You just scan them with your smartphone camera. You’re then directed to a link, a coupon, a video, or some other online content.
With the rise in popularity of QR codes comes an unfortunate dark side. Cybercriminals are exploiting this technology for nefarious purposes. Scammers create fake QR codes. They can steal your personal information. They can also infect your device with malware or trick you into paying money.
It’s crucial to exercise caution when scanning QR codes. This emerging scam highlights the potential dangers lurking behind those seemingly innocent squares.
The QR Code Resurgence
QR codes were originally designed for tracking parts in the automotive industry. They have experienced a renaissance in recent years. As a result, they’re used as a form of marketing today. They offer the convenience of instant access to information. You simply scan a code. Unfortunately, cybercriminals are quick to adapt. A new phishing scam has emerged, exploiting the trust we place in QR codes.
How the Scam Works
The scammer prints out a fake QR code. They place it over a legitimate one. For example, they might stick it on a poster that advertises a product discount or a movie. You come along and scan the fake QR code, thinking it’s legitimate. The fake code may direct you to a phishing website. These sites may ask you to enter sensitive data such as your credit card details, login credentials, or other personal information. Or scanning the QR code may prompt you to download a malicious app, one that contains malware that can do one or more of the following:
- Spy on your activity
- Access your copy/paste history
- Access your contacts
- Lock your device until you pay a ransom
The code could also direct you to a payment page that charges you a fee for something supposedly free. Here are some tactics to watch out for.
Malicious Codes Concealed
Cybercriminals tamper with legitimate QR codes. They often add a fake QR code sticker over a real one. They embed malicious content or redirect users to fraudulent websites.
Fake Promotions and Contests
Scammers often use QR codes to lure users into fake promotions or contests. When users scan the code, it may direct them to a counterfeit website.
Malware Distribution
Some malicious QR codes start downloads of malware onto the user’s device.
STAY VIGILANT: TIPS FOR SAFE QR CODE SCANNING
Verify the Source – Verify the legitimacy of the code and its source.
Use a QR Code Scanner App – Use a dedicated QR code scanner app rather than the default camera app on your device.
Inspect the URL Before Clicking – Before visiting a website prompted by a QR code, review the URL.
Avoid Scanning Suspicious Codes – Trust your instincts. If a QR code looks suspicious, refrain from scanning it.
Update Your Device and Apps – Keep your device’s operating system and QR code scanning apps up to date.
Be Wary of Websites Accessed via QR Code – Don’t enter any personal information on a website that you accessed through a QR code. This includes things like your address, credit card details, login information, etc. Don’t pay any money or make any donations through a QR code.
Additional Information
QR (Quick Response) codes have become increasingly popular for their convenience and ease of use, allowing users to quickly access websites, payments, and other digital services. However, with their rise in popularity, QR codes have also become a tool for scammers to exploit unsuspecting individuals. Scammers use these codes to steal personal information, install malware, or redirect users to malicious websites. Understanding the risks associated with QR codes and learning how to stay safe is crucial in today’s digital world.
Common QR Code Scams
- Phishing Attacks: Just like email or text-based phishing attacks, scammers can use QR codes to direct victims to fake websites designed to steal sensitive information. These websites may look legitimate but are controlled by cybercriminals. Once the user inputs personal information, like login credentials or credit card details, scammers can misuse this data.
- Malware Installation: Scammers can embed malicious software into the link behind a QR code. By scanning the code, users may unknowingly download malware onto their device. This malware can monitor activities, steal sensitive information, or even lock users out of their devices until a ransom is paid (ransomware).
- Payment Fraud: QR codes are often used for quick payments in restaurants, parking lots, and online shopping. Scammers can replace legitimate QR codes with their own, redirecting payments to their accounts. This is especially dangerous in high-traffic areas or online, where users may not realize that the payment didn’t go to the intended recipient.
- Hijacking Legitimate Services: Some fraudsters print QR codes that look like they belong to legitimate services but have been altered. For example, a scammer might replace a restaurant’s QR code for online menus with one that leads to a fake website asking for personal information or a small fee for “accessing the menu.” This subtlety makes it difficult for users to detect fraud.
- Social Engineering Tactics: Some scams use QR codes as part of a broader scheme involving social engineering. For instance, a scammer might pose as a utility company or government agency, providing a QR code for “quick resolution” of an issue, such as unpaid bills or account verification. Users, eager to resolve the issue, may follow the link and provide personal details, only to realize later they’ve been duped.
How to Protect Yourself from QR Code Scams
Despite the potential risks, there are effective strategies to protect yourself from falling victim to QR code scams. By staying vigilant and following the tips below, you can use QR codes safely.
- Verify the Source: Before scanning any QR code, ensure that it comes from a trusted source. If you receive a QR code via email or text, confirm the sender’s identity. Scammers often impersonate legitimate companies, so it’s essential to double-check by contacting the company directly through their official website or phone number.
- Use a QR Code Scanner with Built-in Security: Many apps and devices have built-in QR code scanners, but it’s safer to use a scanner app that includes security features. These apps can check the URL or content before opening it, giving you an additional layer of protection. Some security software also offers this feature, warning you of potentially malicious websites linked to QR codes.
- Inspect Physical QR Codes Carefully: If you encounter a QR code in a public place (e.g., restaurant, concert venue, etc.), inspect it before scanning. Scammers sometimes place stickers with fraudulent QR codes over legitimate ones. If something looks out of place or if the code seems tampered with, avoid scanning it and notify the establishment.
- Be Wary of Shortened URLs: Sometimes QR codes link to shortened URLs (like bit.ly), which can obscure the final destination of the link. Shortened URLs are commonly used by scammers because they make it harder to identify if a website is legitimate. Try using tools that expand shortened URLs before you click on them, or better yet, avoid QR codes that don’t reveal their full URLs.
- Avoid Providing Personal Information After Scanning: Be cautious if a QR code directs you to a website that requests personal information, login details, or payment information. Legitimate services will rarely ask for sensitive details immediately after scanning a code. If you’re unsure, navigate to the website manually through your browser instead of using the QR code.
- Check for HTTPS: Before inputting any sensitive information after scanning a QR code, ensure the website uses a secure connection (indicated by “https://” in the URL). The “S” stands for “secure,” and the presence of this encryption ensures that any data you send is protected. If the website is not secured, do not proceed.
- Stay Informed: Cybercriminals are constantly evolving their tactics. Stay updated on the latest QR code scams and cybersecurity best practices by following trusted sources, such as cybersecurity blogs or news outlets. The more you know, the better you can protect yourself from falling victim to scams.
- Consider Manual Entry: In situations where you are unsure of the source of a QR code or feel suspicious, manually type the URL into your browser rather than scanning the code. It may take a few more seconds, but it provides an added layer of control over the situation.
- Monitor Your Financial Statements: Even if you take all precautions, it’s possible to fall victim to a QR code scam without realizing it immediately. Regularly check your bank statements and online accounts for any unauthorized transactions. Early detection can help you resolve fraud before it escalates.
While QR codes offer a convenient and efficient way to access information and services, they can also be a gateway for scammers to exploit users. By understanding the potential risks and adopting best practices, you can significantly reduce the chances of falling victim to a QR code scam. Always verify the source, use security tools, and be cautious when sharing personal information. With a little vigilance, you can enjoy the benefits of QR codes while staying protected from cyber threats.
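The URL checks from the tips above (HTTPS, shortened links, inspecting the address before opening it) can be written down as a small Python function. This is an added example, not part of the original tip sheet; the function name, warning labels, shortener list and sample hosts are assumptions for illustration, and it also flags a few address tricks beyond the tips (embedded user info, raw IP hosts, punycode, a host that does not match the expected domain).

```python
import ipaddress
from urllib.parse import urlsplit

# Illustrative list only; bit.ly is the one shortener the tip sheet names.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

def triage_qr_url(decoded: str, expected_domain: str = "") -> list[str]:
    """Return warning labels for a URL decoded from a QR code.

    expected_domain is the site you believe the code belongs to
    (for example the restaurant's own domain), if you know it.
    """
    try:
        parts = urlsplit(decoded.strip())
    except ValueError:
        return ["unparseable"]
    host = (parts.hostname or "").lower()
    if not host:
        return ["no-web-host"]          # e.g. tel:, WIFI:, or plain text payloads
    warnings = []
    if parts.scheme.lower() != "https":
        warnings.append("not-https")
    if host in SHORTENERS:
        warnings.append("shortened-url")    # real destination is hidden
    if "@" in parts.netloc:
        warnings.append("userinfo-in-url")  # text before '@' is not the site
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-literal-host")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")    # may render as look-alike characters
    expected = expected_domain.lower().strip(".")
    if expected and host != expected and not host.endswith("." + expected):
        warnings.append("unexpected-domain")
    return warnings

# Constructed sample payloads (reserved .example/.test names, TEST-NET address).
SAMPLES = [
    ("https://menu.example/table/12", "menu.example"),
    ("http://bit.ly/abc123", ""),
    ("https://menu.example.pay-portal.test/login", "menu.example"),
    ("https://menu.example@192.0.2.10/pay", "menu.example"),
]

if __name__ == "__main__":
    for url, expected in SAMPLES:
        print(url, "->", triage_qr_url(url, expected) or "no warnings")
```

An empty list means none of these checks fired, not that the site is legitimate; a phishing page can pass every one of them.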
Also be sure to check out KnowBe4’s blog post:
https://blog.knowbe4.com/qr-code-phishing-is-growing-more-sophisticated