QR code scams are increasing, and consider your options carefully before scanning
Malicious QR codes are increasingly being used by cybercriminals to defraud consumers.
These days, QR codes can be found just about anywhere. Real estate listings, TV commercials, and social media posts touting what appear to be great deals on must-have items all feature the square barcodes.
As a result of the outbreak, QR codes have seen an increase in popularity. Rather than distributing physical menus to all customers, restaurants have turned to online menus that can be accessed on your phone. Find out what makes this house unique by scanning the tiny square.
As soon as cybercriminals realized this, they pounced, taking advantage of the technology’s undeniable benefits. Scammers are creating their own malicious QR codes in order to trick unsuspecting consumers into handing over their financial or personal data.
Because of this, cybercriminals are always looking for new vulnerabilities to exploit, says Angel Grant, VP of security at F5, an app security company. The same holds true for QR codes, which people are familiar with but may not understand how they work, she says. “Manipulating people is easier when they don’t understand what you’re doing.”
QR codes, which stand for “quick response,” were developed in Japan in the 1990s and have since spread throughout the world. Since their introduction in the automotive industry, they’ve found a home everywhere. You can now create your own using a variety of new websites and mobile applications.
Cybercriminals are now using them in a phishing email scam to their advantage. No malware will be downloaded to your phone by scanning the bogus QR codes. The problem is that it will lead you to websites that are designed to steal your personal information, such as your bank account or credit card.
It’s impossible to know how often QR codes are used maliciously, just like with any other phishing scheme. The BBB has received numerous reports of QR code scams in the past year, but experts say they still make up a small percentage of all phishing attempts.
In emails claiming to be from the bank, many people are aware that they should be on the lookout for phishing links and suspicious attachments. Most people don’t think twice before scanning a QR code with their smartphone camera.
The exact number of victims is unknown to the police. It is the department’s policy to contact anyone who believes their credit card information has been stolen by the fake website.
Phishing emails still include fake codes, but they are less common than other, more tried-and-true methods, such as attachments with viruses or links to scam websites. In an attempt to lure German-speaking mobile banking customers, Cofense recently discovered a phishing scam that included a QR code.
Phishing emails are much easier to send out than stickers on parking meters and bus stops, even if the success rate is lower. People should keep an eye out for QR codes, as they’re just another method for cybercriminals to get what they want.
A few pointers from the pros:
Be deliberate before you scan. Use extreme caution when deciphering codes that are displayed in public places. A closer look is in order. Exactly what do you mean by “sticker”? Ask for a paper copy of the document or manually type in the URL if the code does not appear to fit in with the background. Look at the website you were directed to after scanning a QR code.
Is it what you expected it to look like? Make sure that you don’t hand over any information that you don’t think is necessary.