Malicious QR Codes Are Booming
While Quick Response (QR) codes have been around since 1994 and were the ‘it’ marketing tool in the early 2000s, they found new utility during the pandemic as everyone was looking for ways to perform contactless activities. Whether linking to a restaurant menu, digital business card or virtual real estate tour, the convenience of QR codes is alluring to businesses and individuals alike.
A QR code is an open code that anyone can use and tools to generate them are freely available. They also rely on blind trust, so it is not surprising that the resurgence in their popularity has set off a notable rise in malicious use. The FBI recently issued a warning that criminals are taking advantage of this technology—mostly by directing QR code links to bogus sites to steal victim data or redirecting payment for criminal use.
Recent reports of larger-scale scams include public parking meters throughout Austin, Texas with fake QR codes that took victims to a fraudulent site to pay parking fees. Also, there has been a surge of phishing attacks that successfully exploit QR codes. Victims—even those who never click on suspicious email links—don’t hesitate to click-thru a QR code. Offering free Wi-Fi connections via a QR code is another prevalent scam where bad actors may embed malware on a victim's device.
How To Protect Yourself From QR Code Scams
Inspect the URL once you scan a QR code to confirm it is the intended destination of the link. Beware of typos or irregularities in the URL.
Refrain from entering personal or financial information into a site accessed by a QR code.
Instead of downloading an app from a QR code, only use your phone’s app store.
Be wary of any QR code that provides a link to an easy payment option.
Use your phone’s built-in QR scanner instead of downloading an app for that.
Verify a QR code is legitimate if you receive it from someone you know.