Quick Response codes (QR codes) are all around us. From restaurant menus to advertisements to sporting events, codes are a popular way to access a specific document or website quickly.
While QR codes have been around since 1994, they became more popular during the COVID-19 pandemic, fueled by the need for contactless, touch-free communication.
Nearly anyone can create a QR code, and the uses are almost endless.
Avoid QR Code Scams
While QR codes are quite useful, there are also risks involved. Whenever something becomes popular, cybercriminals look for ways to exploit users and steal their information.
Thieves are using QR codes to conduct "QRishing" scams which are similar to phishing scams. Scammers create their own QR codes, and when a user scans the code, it directs them to a website where they are tricked into entering payment information, user names, passwords and other personal details. Scammers can place QR codes anywhere: in physical locations or online on websites and email.
Cybercriminals can swap out a legitimate QR code for a malicious one. This can lead to malware being installed on your smartphone. Once the malware has been installed, cybercriminals can gain access to your phone and steal your personal information which can result in financial fraud, data theft, identity theft and account takeovers.
Tips To Protect Yourself
The QR codes themselves are not dangerous; it is where the QR code directs you than can be problematic.
- Don't scan QR codes sent in an email message or posted on social media. You should also avoid entering sweepstakes or participating in surveys from these codes.
- Use QR codes to pay for something only at trusted merchants and providers.
- Check the web address to be sure it is legitimate after scanning a code. Look for misspellings in the address.
- Don't use a QR code to download an app. Instead, get the app directly from the Google Play or Apple App store.
- Don't scan QR codes in public places or anywhere they can be easily tampered with.
- Don't scan codes on unexpected packages. A scam, known as "brushing," is when you receive a package you never ordered. These deliveries can contain malicious QR codes.
- Avoid using a QR code to pay bills or invoices. Instead, use more secure payment options.
- If it is a physical QR code, look for signs that the QR code has been tampered with such as a sticker placed over the true QR code.
- Don't download QR code apps, as many are fraudulent. Instead, use your phone's camera to scan codes.
- Install an antivirus app on your smartphone.
- Enable multifactor authentication on all your financial, email and other confidential accounts.
- Update your smartphone's operating system when prompted to do so. Updating ensures your phone is up to date with the most current security features.
Since QR codes are relatively new for many of us, we are more vulnerable to being exploited by them. Not enough research has been done to deal with QRishing. Use QR codes with caution until we learn more.