QR codes are everywhere.
The COVID pandemic brought about an additional surge in their mass use as businesses transitioned to using QR codes from physical contact options.
Restaurants and bars adopted QR codes in lieu of physical printed menus. Many organizations utilized QR codes as a means of contactless access for members or employees to log in or clock in respectively.
Parking meters migrated from coin-based piggy banks to an all-digital system built on QR-code scanning.
As with any technological adoption where there’s widespread use, there are cybercriminals innovating new ways to exploit unsuspecting users.
Scammers and hackers are using QR code stickers applied over legitimate ones to trick people into entering their private payment information to fraudulent sites. In this blog, we'll explore the dangers of QR codes and how to protect yourself from falling victim to scams.
The Risks of QR Codes
QR codes are a great way to quickly and easily access information on your phone. They're also an easy way for scammers to access your personal information with a fraudulent link. One of the most common ways scammers use QR codes is by placing fake stickers on things we use every day, like parking meters or payment kiosks. When users scan the code, they are directed to a fraudulent payment site that looks like the real thing they’ve probably seen before. Once they enter their payment information, the scammers have access to their private financial data and can now use that credit card information maliciously.
Cybercriminals also send QR codes via email, text message, or social media direct messages. The codes may appear to be legitimate, but once shared and scanned, malware can be installed on the user's device in addition to the traditional fraudulent payment site scam. Obtaining authentication credentials is another attack method cybercriminals may use to obtain access to a given account or system via the QR code scan scam.
Protecting Yourself from QR Code Scams
So how do you protect yourself, and your company, from QR code scams?
Be cautious! Don’t scan any QR codes that appear to be layered over anything. Companies and organizations may opt to provide new QR codes with redesigning an entire piece so it’s always good practice to contact or ask an employee if they recently added or changed the menu to warrant an updated QR code on the table, menu, payment kiosk, etc.
If you're unsure whether a code is legitimate, do not scan it.
When it comes to digitally sent QR codes, ask the supposed sender to verify authenticity.
Don’t be afraid to report any suspicious activity to the establishment or organization you are visiting or notify the company being portrayed in any digital QR sends if something doesn’t seem right.
Another great way of layering in additional cybersecurity measures when scanning QR codes is by using a QR code scanner app. These apps can detect and block fraudulent sites and offer better scanning security than just using your camera.
Some smart devices provide built-in QR code scanners with destination link checking capabilities to warn you if the site appears to be unsafe. It’s always a good idea to heed these notifications and turn back instead of visiting the site.
The Bottom Line
QR codes are a convenient way we access information daily, but they also present a dangerous opportunity for hackers and scammers to prey upon our day-to-day actions.
Cybercriminals are increasingly using QR codes to trick us into giving away private payment information or credentials or even installing malware on devices.
By exercising caution and consistently training against the latest cyber threat themes circulating, you can mitigate the likelihood of falling for a fake QR code scam.
Using a QR code scanner app or your smart device’s built-in destination link security feature, you can protect yourself from falling victim to these innovative QR code scams.
Phishing kits are becoming one of the most accessible components within a cybercriminal's arsenal.
Deepfakes are on the rise with AI. Are you ready to defend against them?
We break down how to spot and avoid tax season phishing scams.
