The current pandemic has provided a huge boost to various digital payment methods that use QR codes to ensure contactless payments. However, recent reports, including from the FBI, have indicated a tremendous rise in scams and fraud through the use of fake QR codes.
Keep reading to learn the best ways to identify a fake QR code and avoid getting scammed.
How QR Code Scams Work
You can’t tell what file or web page a QR code will open until you scan it, and even then the link displayed may not give you much of a clue. The link may be shortened, point to an unfamiliar location, or point to a site that automatically redirects you elsewhere. If that elsewhere is a brunch menu or the page for an event, no worries. But if it’s a malicious site—well, many worries.
Such sites go to work as soon as they start loading. Often, you don’t need to do anything other than follow the first link to open yourself up to cyberattack. Things that can wind up on your laptop or phone include keyloggers (hidden software that records everything you type, like passwords and personal email) and botnets (which steal your computer’s connection for the hacker’s purposes, such as using it in large-scale hacking efforts or Bitcoin mining).
This doesn’t mean you should never scan a QR code. These days, it’s hard to avoid them. What it does mean, though, is that you should think twice about what you scan.
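The three warning signs described above (a shortened link, an unfamiliar location, and a redirect to somewhere else) can be checked before a link is opened. The sketch below is an added example, not part of the original article: the shortener list, the expected domain, and the redirect table are constructed sample data so that it runs offline, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumed, non-exhaustive set of link-shortener hosts (illustrative only).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

# Constructed redirect table standing in for real HTTP 3xx responses,
# so the example runs offline. All paths and destinations are made up.
SAMPLE_REDIRECTS = {
    "https://bit.ly/menu123": "https://menu.example-cafe.test/brunch",
    "https://bit.ly/promo456": "http://landing.example.net/r?id=1",
    "http://landing.example.net/r?id=1": "https://login.unknown-site.example/verify",
}


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def is_expected(host, expected_domains):
    """True if host is one of the expected domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in expected_domains)


def resolve_chain(url, redirects, max_hops=5):
    """Follow redirects through the table, stopping on loops or after max_hops."""
    chain = [url]
    while chain[-1] in redirects and len(chain) <= max_hops:
        nxt = redirects[chain[-1]]
        if nxt in chain:
            break
        chain.append(nxt)
    return chain


def triage(url, expected_domains, redirects=SAMPLE_REDIRECTS):
    """Return (final_url, findings) for a link decoded from a QR code."""
    chain = resolve_chain(url, redirects)
    first, final = host_of(chain[0]), host_of(chain[-1])
    findings = []
    if first in SHORTENERS:
        findings.append("shortened link")
    if final != first:
        findings.append("redirects elsewhere")
    if not is_expected(final, expected_domains):
        findings.append("unfamiliar destination")
    return chain[-1], findings
```

A shortened link that ends at the venue's own domain comes back without the "unfamiliar destination" finding, while one that hops through an intermediate page to an unrelated host is flagged on all three counts.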
How QR Code Scams Are Distributed
With QR code scams, it’s not so much about the type (it’s all basically the same approach) as the where and when. Some of the distribution methods for fraudulent QR codes include:
- Email: If you get an unsolicited email asking you to scan a QR code—don’t. Ever. It’s one of the easiest methods of distributing scam codes. The more “urgent” the email claims to be, the more suspicious you should be.
- Posters, restaurant tables, and other public spaces: When a QR code is presented in a public or outdoor setting, it can be as simple as putting a sticker with a different QR code over the legitimate code. Take a look at it, or run your fingers over it and see if you can detect tampering.
- A sticker or flyer: It’s not unusual for performers, artists, and event organizers to make stickers or print flyers with a QR code on them. Be very careful about scanning that code, especially if it’s just a sticker on a sign. Interested in what’s being promoted? Take a regular photo and then look it up online without scanning the QR code.
What Can You Do?
A few simple habits will help you avoid scanning a malicious QR code.
- Don’t download a QR code scanning app. The days of needing a third-party app are over. All major phone manufacturers have built QR code scanning into their devices, either as part of the device’s camera or located as an option in a toolbar.
- Don’t install an app you get by scanning a QR code. If you’re interested in an app, go to the official app store for Google or Apple and download it from there. Don’t trust the QR code, even if it says it’s taking you to the app store. And remember, you should always be careful about the apps you install, even if you get them from an official app store.
- Check the authenticity, especially in an outdoor location. It’s easy to slap a sticker over a legitimate QR code. If something seems off, like a visible sticker, ask your server or someone else who can verify its authenticity.
- If someone tells you it’s urgent, don’t do it. Scam QR codes rely on the same strategies as other types of phishing. One of those is creating a sense of unease that if you don’t do something right away there will be consequences. Don’t fall for it, no matter how successfully a message triggers your anxiety. If you think it might be legitimate, skip the scan and take the time to type in the URL or call a verified support number.