Bad actors are always on the lookout for ways to scam people. They would do anything that could trick potential victims into sharing sensitive information.
Millions of people in the USA scan QR codes yearly for various reasons, such as to make a payment, transfer crypto funds, and access marketing materials. A restaurant might be offering an online menu and have an ordering system triggered by QR codes, or an event organizer might try to sell merchandise during a concert by asking people to scan QR codes and place orders, or a brand can send customers an email with QR codes that let them claim a gift card.
Whatever the reason, scanning QR codes has become a standard for people in the USA, with more than ten million Americans scanning codes at least once a year, and hackers are actively looking to exploit this trend.
Common QR Code Scams and Their Tactics
Online and Offline QR Code Scams
The QR code scams come in many shapes and forms. Attacks could be both online, in the body of an email or a YouTube streaming. Also offline, which requires fraudsters to amend or physically stick fake QR codes on top of the real ones. Hoping that potential victims would mistakenly scan the malicious QR code and end up sharing useful information.
Fake QR Codes and Spoofed Websites
Fake QR stickers take potential victims to a spoofed website. Where individuals might think it is the real deal to purchase concert merchandise or order food from a menu, only later to realize that the site is fake and the customer has been scammed.
Fake QR codes could also be found on products. Customers would think the code is genuine and scan it only to realize that the website loaded on the QR code is unauthentic. Even if a victim does not buy something or share personal or banking info, the fake QR code could take the person to a malicious website. This website could install a keylogger or other malware that spies on the victims and steals sensitive information.
Malicious QR Codes in Popular Media
Hackers sometimes create malicious codes and then try to find popular places to publish them. They could be mass-mailed to millions, published on social media, or even added to YouTube streams. The criminals hope that people watching in real-time will pull out smartphones, scan the code, and end up on malicious web pages that prompt the user to download a nasty file or provide real login information.
How to Protect Yourself from QR Code Scams
Avoid Scanning Random QR Codes
FBI has recommended a few solutions to help people avoid trouble. The agency advises people not to scan random QR codes and always to be suspicious if a site asks for login details right after scanning.
Verify the Authenticity of QR Codes
They also recommended not scanning codes received in emails and messages. Also always ensuring that the QR codes scanned physically are authentic and have not been tampered with.
Use Antivirus Software to Stay Safe
Lastly, the FBI mentions antivirus software. Folks with quality antivirus software installed on their connected devices likely have nothing to worry about. QR codes essentially take people to a website or prompt a download of an attachment. If the file or website has intrusive code trying to harm the user, the antivirus software will likely trigger a warning and prevent the person from opening it.