Cybercriminals Are Now Using QR Codes to Scam People

By Whitney White | 2 days ago

qr codes

There’s a good chance you’ve seen a QR code before. QR codes, which are square barcodes, can be seen almost anywhere these days. From real estate listings to television advertisements, and all across social media, these codes help businesses connect with and relay information to consumers. 

The pandemic sparked a spike in the usage of QR codes. Many restaurants replaced physical menus with online versions accessible on smartphones by scanning a QR code. Once a customer scans the code, a menu pops open on the customer’s phone, easily allowing them to see the available items. Cybercriminals rapidly noticed QR code technology’s undeniable convenience and began to take advantage of it. 

Scammers and hackers are building their own dangerous QR codes to trick people into giving up their banking and/or personally identifiable information. Some cybercriminals are using QR codes in variations on an email phishing scam. Scanning the fake QR codes will have no effect on your phone when it comes to downloading malware in the background. However, it will redirect you to shady websites that are specially designed to steal your bank account, credit card number, or other sensitive information.

Even though the success rate is lower, sending millions of phishing emails is a lot easier than physically placing stickers on parking meters and bus stations. In the end, QR codes are just another means for cybercriminals to get what they want, and yet another threat that people should be aware of. According to Aaron Ansari, Trend Micro’s vice president of cloud security, hackers may prefer utilizing the codes in phishing emails since they are generally overlooked by security software, giving them a better chance of reaching their intended targets than files or malicious links. 

It’s impossible to say how often QR codes are used for harmful intentions, much like any other phishing scam. Experts believe those scams still make up a small percentage of overall phishing, but the Better Business Bureau has received countless reports of QR code frauds in the last year. About 30 fraudulent codes were recently discovered on parking meters in Austin, Texas. 

Rather than being directed to the city’s official website or app, those who scanned the malicious QR codes were directed to a phony website that collected their credit card information. The number of people that were fooled by the malicious codes is unknown to the police. Anyone who believes their credit card information was taken by the phony website is encouraged to contact the department.

To avoid being scammed when scanning QR codes, always take a close look at the website you are directed to. If it asks for login or financial information that does not appear to be required, do not provide it. Brad Haas, a cyber threat intelligence analyst for an email security company says emails with codes are almost always a bad idea and should be avoided at all costs. The same is true for codes found in unsolicited paper junk mail, particularly those advertising debt consolidation assistance. Keep in mind that as you start scanning QR codes, many smartphone cameras, including iPhones running the current version of iOS, will show you a sample of the URL. If the URL appears to be weird or not correct, don’t click on it.

One of the best ways to stay away from scams involving QR codes is to use a security scanner app. A security scanner app helps detect dangerous URLs before a phone actually opens them. Lastly, it is recommended to use a password manager to keep track of your passwords. If a code leads you to a particularly convincing phony website, a password manager will recognize the difference and won’t autofill your passwords.