QR codes, short for "quick response codes," have become increasingly popular with businesses. They allow consumers to quickly access information online by scanning the code with their phone’s camera. QR codes can provide access to restaurant menus, theater programs and travel schedules, allow you to pay for parking, access promotional offers, and more. However, as they grow in popularity, fraudsters are starting to use them as a way to deceive and steal. According to the 2024 Phishing Threat Trends Report by Egress, QR code scams have increased 12.4% in recent years. By slapping a fraudulent QR code over a legitimate one in public, or sending emails with malicious codes to unsuspecting consumers, cyber criminals are hopeful they can get their hands on your personal and financial information.
Here are some tips to help you stay clear of QR code scams:
1. Verify QR code URLs before clicking. When you scan a QR code with your phone’s camera, you will typically be shown the URL that the code is pointing to. Be sure to review that URL before clicking on it to ensure it’s pointing to the website you expect. For example, if you scan a QR code for McDonalds, you should see a URL for mcdonalds.com. Seeing a URL for mcd0na1ds.com should raise some alarm bells. If a URL appears to have extra letters or dashes, or if it uses numbers in place of letters, it could be a sign that the link is malicious. If your phone's camera doesn't show a preview of the URL or takes you directly to a webpage after scanning, consider using aQR code scanning app instead of your phone’s camera so you can verify the link before clicking on it.
2. Avoid entering personal information on a page reached by QR code. Even if a QR code points to a link that looks legitimate, you should still exercise caution. If you're prompted to enter personal information or login credentials after scanning a QR code, consider closing out of the browser tab and visiting the business’ website directly in a new tab instead. That way you can be sure you’re not accidentally giving your sensitive information to a crook.
3. Be wary of unexpected QR codes in emails or texts. Sometimes scammers will send malicious QR codes via email or text, expecting that you’ll scan the code out of curiosity. In some cases, they’ll even send codes purporting to be from a legitimate business. Beware of any QR codes that are sent to you with “urgent” instructions or messaging, or messaging that is threatening, has grammatical errors, or is difficult to understand. You should also be wary of communications from companies you have never done business with, or that you haven’t interacted with in a long time. Always preview QR code links before clicking on them, and if you have any doubt that they were sent to you by a legitimate business, contact the business directly to verify them before visiting the URL.
4. Keep your phone up to date. Phones that are running out-of-date operating systems, browsers, and apps are more susceptible to cyber scams. By running the latest software updates and keeping your apps up to date, you will have a better chance of being protected from malicious links and downloads.
5. Protect your accounts. One way to help keep your information safe is to utilize multi-factor authentication whenever it is offered. Multi-factor authentication, also known as MFA, requires you to provide information beyond just a password when logging into an account. MFA can take the form of security codes, PIN numbers, or security questions. By having an extra layer of protection on your accounts, you can help keep them safe even if your login credentials fall into the wrong hands via a compromised QR code. You should also get in the habit of updating your passwords regularly so that they’ll be useless to cybercrooks who may get their hands on them.
In today’s world, cybercrimes are always evolving. You should always be on the lookout for things that seem a little off and be wary any time you’re asked to provide sensitive or financial information. Overall, the most important thing you can do is stay informed about the latest fraud tactics, and avoid letting scammers override your common sense.