QR codes are everywhere. You might have used one to view a restaurant's menu or to make a payment for public parking. You might have used one on your mobile device to enter a concert or sports event or board an airplane. Countless other ways to use them explain their popularity.
Regrettably, fraudsters conceal malicious links within QR codes to steal personal data. Here are some examples of how scammers may try to get your information:
- Overlay their own QR codes on top of the ones on parking meters.
- A fraudster's QR code might redirect you to a counterfeit site that appears legitimate but isn't. If you sign in to the counterfeit site, the fraudsters could pilfer any data you input. Alternatively, the QR code could download malware that swipes your data before you even notice it.
- Send a QR code to you via SMS or email, fabricating a justification for you to scan it. These deceptive messages may include:
- They say they couldn't deliver your package, and you must contact them to schedule a new delivery.
- Faking an issue with your account, you need to verify your details.
- Asserting they detected unusual activity on your account, you must change your password.
These are all false statements they use to instill a sense of urgency. They aim for you to scan the QR code and access the URL without giving it a second thought.
Prevention Tips
How can you protect yourself?
- Should you encounter a QR code in a surprising location, scrutinize the URL before opening it. If you see a URL you know, make sure it's confirmed by checking for mistakes like misspelled words or wrong letters.
- Don't scan a QR code from an unexpected email or text, especially if it tells you to act quickly. If you believe the message is authentic, contact the company using a verified phone number or website.
- Protect your phone and accounts. Keep your phone updated to stay safe from hackers. Use strong passwords and multi-factor authentication to protect your online accounts.
