QR codes have become a mainstream tool for quickly accessing websites and other information. They are convenient and unfortunately, scam artists find them incredibly convenient as well.
Scams involving QR codes are one of the latest ways scammers are using to steal people’s identities and money. Scam artists can use a QR code to hide harmful links that steal personal information.
There are several ways scammers can use a QR code to target their victims. They can either put their QR codes over an existing harmless QR code or they will make up a scenario to get their victims to scan a QR code. Below are a few possible scenarios where scam artists can trick their victims into scanning a malicious QR code.
- Covering up the real QR code on restaurant menus, parking meters, signs in the community, and more with the harmful QR code.
- Sending a package in the mail addressed to their intended victims (usually no return address). The package will contain some sort of small gift and somewhere, either on the package or inside the package, there will be a QR code for the recipient to scan. The QR code will contain a harmful link that will steal personal information.
- Sending emails or text messages with a made-up reason for people to scan the QR code. They can range from messages saying they couldn’t deliver a package and the person must contact them to reschedule, to messages stating that there is a problem with a person’s account (can be from companies like mortgage lenders, credit cards, banks, utility companies, etc.), to reports of suspicious activity on a person’s account and they need to change their password.
As with most scams, the messages people receive that contain these harmful QR codes convey a sense of urgency. The scam artists want their victims to scan the QR codes and open the malicious links quickly without thinking about it.
The links associated with the harmful QR codes can take people to a legitimate-looking website where they are asked to log into their accounts or the link can install malware that can steal a person’s information.
The Federal Bureau of Investigation and the Federal Trade Commission urge people to be cautious when scanning QR codes.
The FTC gives tips for how people can stay safe from these malicious QR codes.
- Be wary of QR codes in unexpected places. Inspect the QR code/URL closely before you open it. The FTC said websites can be spoofed (or imitated) and that people should look out for misspellings or a switched letter in the URL.
- If an unexpected text message or email contains a QR code, especially if the message urges immediate action, do not scan the QR code or open the URL. Use a company’s phone number or legitimate website to contact the company instead of the URL.
- Update the cell phone’s OS (operating systems) to protect against hackers. Protect online accounts by using strong passwords and multi-factor authentication.
The FBI provides information on the latest scams and data regarding scams on their website at fbi.gov/how-we-can-help-you/scams-and-safety. Victims of scams are urged to report the crime to the FBI.