Quick Response (QR) codes are small square barcodes that are designed to be scanned and read by smartphones. These codes allow you to enter websites, submit payments, and even complete downloads. Many businesses started relying on QR scan codes before the COVID-19 pandemic hit since they're extremely convenient. However, usage of QR codes has increased after COVID-19 due to the contactless feature.
Although QR codes have, for the most part, served as a safe way to advertise or download a restaurant's menu, cybercriminals have found a way to manipulate them. Here’s what online criminals are now doing to QR scan codes and how you can avoid falling victim to this scam.
The FBI says cybercriminals are generating QR scan codes that direct you to malicious websites.
Scammers have found a new way to steal your personal and financial information, through the use of fake QR scan codes. The FBI says cybercriminals are tampering with both digital and physical QR codes by replacing legitimate codes with those that are malicious.
Instead of performing the task you requested, the fake QR scan code might direct you to a malicious website that prompts you to log in and enter your financial information. By doing so, you give the cybercriminal access to your funds or other information that can be compromised.
Also, scammers are directing consumers to fake websites that might embed malware that can provide a cybercriminal with access to your devices, according to an FBI press release.
Can you protect yourself from fake QR scan codes?
Avoiding a fake QR scan code can be tricky, particularly because cybercriminals have grown rather clever in how they deceive you. However, there are a few precautions the FBI recommends you follow that can reduce your chances of falling victim to this scam.
- Be cautious as you navigate to a website from a QR code. If you’re prompted to log in or provide personal information, make sure you’ve been directed to a legitimate website.
- If you’re scanning a physical code, check to be sure the code hasn’t been tampered with. If the QR code appears to have a sticker on top of it, this could be a sign of a scam.
- Don’t download an app from a QR code. Instead, the FBI recommends that you use your phone’s app store for this.
- If you receive correspondence from a merchant you purchased from that indicates there was an issue with your payment, and you’re asked to complete the payment by scanning a QR code, contact the merchant to confirm this.
- Refrain from downloading a QR code scanner app as the FBI says this “increases your risk of downloading malware onto your device.”
- If someone you know sends a QR code, contact them directly to verify they sent the code. Online scammers will sometimes pose as someone you know or hack a friend or relative’s account to make it easier to convince you into scanning their fake QR code.
The FBI does advise anyone who believes they have been the victim of a QR scan code scam to contact their local FBI field office. It’s worth noting that the FBI says it “cannot guarantee the recovery of lost funds after transfer.” Therefore, you should consider implementing these tips before your next QR scan session.