Consumer protection

Think Before You Scan: How to Outsmart QR Code Scams

QR codes are everywhere these days. QR is short for “quick response.” As you might have guessed already, you’re not the only one who wants fast access—so do scammers, and they’re hiding harmful links in those boxes that can steal from you. This type of phishing scam has its own name—quishing.

Let’s take a closer look at how QR code scams work and some steps you can take to protect yourself.

How do these scams work? In a nutshell, a criminal finds a way to replace a legitimate QR code with a malicious code. This code then redirects users to a location online, such as:

  • A fake website designed to steal your sensitive information.
  • A site that automatically downloads spyware, malware or even ransomware to your device. 
  • A pop-up that redirects you to a fake payment page that tricks you into authorizing a payment.

QR code scams often work by embedding a fraudulent QR code in unsolicited emails or texts. They also work through physical tampering. For example, a criminal can place a sticker with a fraudulent QR code over an existing sticker in a public place, making the swap almost impossible to spot.

Fraudsters use different tricks to get you to scan a QR code without thinking, including: 

  • Fake texts and emails: With this type of scam, fraudsters try to convince you that you need to reschedule a delivery, authorize a partial refund or change your password to “protect your account.” 
  • Malware downloads: Malicious QR codes will download harmful software onto your device if you scan them. 
  • Unsolicited packages (aka brushing scams): Receive a package you didn’t order? Unsolicited packages with QR codes can lead you to phishing sites or download malware looking to steal your personal information.
  • Overpayment alerts: With this scam, criminals send QR codes claiming you’re owed a refund for an overpayment. 
  • Counterfeit products: Fake goods often include QR codes that lead to fraudulent sites or malware.
  • Fake coupons, restaurant codes and invoices: Scammers use counterfeit QR codes on fake coupons, menus or invoices to steal your data.

Does it feel like you are being pressured to scan the code? If so, stop and verify. Consider the messages accompanying the QR code, too: they may seem too good to be true, or you might be asked to hand over sensitive information about yourself. Also, watch for warning signs coming from your device itself.

If you’ve been defrauded by a malicious QR code, it’s important to act quickly to limit the damage and protect your identity from further harm.

Here are some important steps to take:

  • Secure your device immediately.
  • Update your account security.
  • Report the scam to ReportFraud.ftc.gov.
  • Notify your financial institutions.

For more information on how to avoid QR code scams, access the full article here.