QR codes are everywhere these days. You can find them on restaurant menus, flyers, and posters. They’re used both offline and online. QR codes are convenient and easy to use. You just scan them with your smartphone camera. You’re then directed to a link, a coupon, a video, or some other online content.
With the rise in popularity of QR codes comes an unfortunate dark side. Cybercriminals are exploiting this technology for nefarious purposes. Scammers create fake QR codes. They can steal your personal information. They can also infect your device with malware or trick you into paying money.
It’s crucial to exercise caution when scanning QR codes. This emerging scam highlights the potential dangers lurking behind those seemingly innocent squares.
The QR code resurgence
QR codes were originally designed for tracking parts in the automotive industry. They have experienced a renaissance in recent years as a result, and they’re used as a form of marketing today.
They offer the convenience of instant access to information. You simply scan a code. Unfortunately, cybercriminals are quick to adapt. A new phishing scam has emerged, exploiting the trust we place in QR codes.
How the scam works
The scammer prints out a fake QR code. They place it over a legitimate one. For example, they might stick it on a poster that advertises a product discount or a movie.
You come along and scan the fake QR code, thinking it’s legitimate. The fake code may direct you to a phishing website. These sites may ask you to enter sensitive data such as your credit card details, login credentials, or other personal information.
Or scanning the QR code may prompt you to download a malicious app. One that contains malware that can do one or more of the following:
- Spy on your activity
- Access your copy/paste history
- Access your contacts
- Lock your device until you pay a ransom
The code could also direct you to a payment page. A page that charges you a fee for something supposedly free.
Tactics to watch out for
Malicious codes concealed: Cybercriminals tamper with legitimate QR codes. They often add a fake QR code sticker over a real one. They embed malicious content or redirect users to fraudulent websites.
Fake promotions and contests: Scammers often use QR codes to lure users into fake promotions or contests. When users scan the code, it may direct them to a counterfeit website.
Malware distribution: Some malicious QR codes start downloads of malware onto the user’s device.
Tips for safe QR code scanning
Verify the source: Verify the legitimacy of the code and its source.
Use a QR code scanner app: Use a dedicated QR code scanner app rather than the default camera app on your device.
Inspect the URL before clicking: Before visiting a website prompted by a QR code, review the URL.
Avoid scanning suspicious codes: Trust your instincts. If a QR code looks suspicious, refrain from scanning it.
Update your device and apps: Keep your device’s operating system and QR code scanning apps up to date.
Be wary of websites accessed via QR code
Don’t enter any personal information on a website that you accessed through a QR code. This includes things like your address, credit card details, login information, etc. Don’t pay any money or make any donations through a QR code.