Don’t Fall For These QR Code Scams

You know, sometimes, you gotta give it up for crooks. I mean, they can adapt better and faster than many industries. Most of the time, these criminals prey on the elderly and there are times when I’m relieved my dad can’t see well enough to get on a computer because they would definitely drain his bank account and give his device multiple viruses a day. There’s no way he would be able to decline offers that claim he won a million dollars, or that a long lost family member left him their life savings or a hot date. All I would hear is click, click, click and then him shouting “What did I do? How could they?!”

Well, this time, the bad guys aren’t just targeting seniors with their newest scam. Thanks to the pandemic, almost everything has become contactless and I’m sure you’ve seen the QR tables at restaurants or airline clubs so you don’t have to touch the dirty menus. Everyone is at risk but especially travelers.

It turns out some QR codes can be an easy way for thieves to get your personal information. According to a public service announcement from the FBI: “The FBI is issuing this announcement to raise awareness of malicious Quick Response (QR) codes. Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.”

First of all, as the FBI explains: “A QR code is a square barcode that a smartphone camera can scan and read to provide quick access to a website, to prompt the download of an application, and to direct payment to an intended recipient. Businesses use QR codes legitimately to provide convenient contactless access and have used them more frequently during the COVID-19 pandemic. However, cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use.”

Here are the tips the FBI recommends to protect yourself:

• Once you scan a QR code, check the URL to make sure it is the intended site and looks authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
• Practice caution when entering login, personal, or financial information from a site navigated to from a QR code.
• If scanning a physical QR code, ensure the code has not been tampered with, such as with a sticker placed on top of the original code.
• Do not download an app from a QR code. Use your phone’s app store for a safer download.
• If you receive an email stating a payment failed from a company you recently made a purchase with and the company states you can only complete the payment through a QR code, call the company to verify. Locate the company’s phone number through a trusted site rather than a number provided in the email.
• Do not download a QR code scanner app. This increases your risk of downloading malware onto your device. Most phones have a built-in scanner through the camera app.
• If you receive a QR code that you believe to be from someone you know, reach out to them through a known number or address to verify that the code is from them.
• Avoid making payments through a site navigated to from a QR code. Instead, manually enter a known and trusted URL to complete the payment.

I can’t tell you how many times a week I get a text message and/or an email from a credit card company or bank that I actually do business with but it’s not really them contacting me. Even though the number or email address looks like it is but when I hover over the URL I see it’s a total scam. I consider myself very savvy and I’ve come close falling for it. My wife almost did too last year and wrote about it here.

So the purpose of this tip is not to scare you from using QR codes because they’re great.  But be more conscious and cautious about them and don’t input any personal information or credit cards unless you know it’s safe to do so.