QR codes are a convenient, seemingly harmless way for consumers to get quick access to information, but they aren’t always what they seem. Unfortunately, the more prevalent new technologies become, the more ways scammers find to use them to their advantage.
We’re here to fill you in on what exactly a QR code scam is and how you can stay safe from them.
What Is a QR Code?
The term QR code is short for “quick response code.” These are basically a square-shaped, black-and-white digital code, similar to the rectangular barcodes that you see on packaging for consumer goods.
You can scan a QR code right from your smartphone’s camera and a link will pop up to wherever that QR code’s creators want it to take you. It’s an easy way for organizations and businesses to provide customers with quick information.
For example, restaurants often place QR codes right on their tables that allow you to quickly pull up a digital menu on your phone. Or, a QR code on an advertisement for a new app might take you right to where you can download the app. But that’s not all QR codes can do…
Can You Get Scammed With a QR Code?
While most QR codes are innocent and serve a legitimate purpose, there are also fraudulent QR codes out there that you need to be on the lookout for. A QR code scam can work in a variety of ways, but in general, they all try to get people to scan a QR code without thinking too much about where it came from.
How Do QR Code Scams Work?
Scammers send their fraudulent QR codes to their targets in different ways, such as by email, text message, or even a physical letter or flyer. They try to make the QR code look like it comes from a legitimate source so you’ll scan it to see what it’s all about.
However, once you scan a fraudulent QR code, it often takes you to a phishing site, a payment app, or a malicious social media account or website. The scammers then try to get sensitive information or direct payments from you.
For example, you might receive a QR code in an email that appears to be from a big company like Amazon. Then, when you scan it, it could take you to a malicious website that asks you to enter the username and password for your personal Amazon account.
How Do Scammers Get Your Information?
If a QR scam takes you to a phishing site, the rest of the scam plays out much like traditional phishing attacks. The site then prompts you to enter personal information, like your credit card number or bank account info, which the scammers then use to steal money from you. Or, it might try to get your login information for certain sites, so the scammers can hack your accounts.
QR code scams may also function like cryptocurrency and investment scams, taking you to payment apps or fake investment social media accounts. The scammers then prompt you to send them payments in Bitcoin or another currency, promising you a too-good-to-be-true return on your investment.
How To Avoid QR Scams
A lot of the ways you can stay safe from QR code scams are similar to the ways you can protect yourself from email phishing scams and other common online scams. Here are some of the top tips from the experts for avoiding QR code scams:
- Verify the source of the QR code
Whether you receive a QR code via email or text from a friend, or you get a QR code that appears to be from a company or a government agency, always double-check before you scan it.
Scammers often hack someone’s email or phone contacts to send out fraudulent QR codes to everyone they know. If someone you know sends a QR code to you, respond to them and ask whether they really sent it to make sure they weren’t hacked.
If the QR code came from an organization, check their official website or call their customer service to ask about it first. If you can’t verify any reason why the company would send you the QR code, don’t scan it.
- Never scan QR codes from strangers
If you receive a QR code from someone you don’t know, an email you don’t recognize, or a company you’ve never heard of, just don’t scan it. If you get an email with a QR code that looks legit, but comes from a strange email address, don’t scan it!
- Never provide passwords or other sensitive information
If a QR code pulls up a screen that prompts you to provide login information, banking information, or any other type of sensitive data, don’t continue. No legit organization should ever request this kind of information via QR code.
- Keep an eye out for legitimate advertising that has been tampered with
QR code scammers sometimes alter legit flyers, ads, or business cards by sticking a fraudulent QR code sticker on them. If you see QR codes that aren’t actually printed on advertising materials, don’t scan them.
Scammers have even been known to slap malicious QR codes on walls or post boards with other advertisements, hoping that curious people passing by will scan them.
- Be cautious about shortened links
Shortened links are often used by scammers to hide malicious links. If a QR code appears to be from a legit company, but the link it pulls up is shortened and doesn’t show you that it’s taking you to their official website, it’s probably best not to click on the link.
- Use a more secure QR code scanner app
Your phone probably has a built-in QR code scanner, but these aren’t always the most secure. Download a third-party QR code scanner from an antivirus company or another reputable source for added security. These can often identify fraudulent links right away to keep you safe.