QR Code Phishing Scams

May 22, 2024 by Lighthouse IT Solutions, Mark Nash

QR codes have seen quite a rise in popularity. You can find them offline and online: on restaurant menus, flyers, posters, bus stops, websites, and more. With just about everyone owning a smartphone with a camera, QR codes are an incredibly convenient way to distribute information. Simply scan the code and you're directed to a webpage, download, or other online content. As with most new technology, the rise in popularity of QR codes comes with a dark side. Cybercriminals are exploiting this technology for nefarious purposes, primarily by creating fake QR codes to steal personal information or infect your device with malware. Just like with any link you find, it's crucial to exercise caution when scanning QR codes.

How Do QR Code Scams Work?

The scammer prints out a fake QR code and places it over a legitimate one. For example, they might stick it on a poster advertising a product discount or a movie. Once someone comes along and scans the fake QR code, thinking it's legitimate, it directs them to a phishing website. These sites often ask you to enter sensitive data such as credit card details, login credentials, or other personal information. Alternatively, scanning the QR code may prompt you to download a malicious app that can spy on your activity on the device or even lock your device until you pay a ransom. To break down that example, the scammer tactics you should watch out for include:

  • Putting a fake QR code sticker over a real one.
  • QR codes that lead users to counterfeit websites that ask for personal information.
  • QR codes that start downloads of malware onto the user's device.

Of course, scammers are always looking for new tricks to pull a fast one on their victims, so it's a good idea to be vigilant and stay in the know on common scammer tactics.

Stay Vigilant: Tips for Safe QR Code Scanning

Avoid Suspicious Codes & Verify Sources

"Better safe than sorry" is a phrase that carries a lot of weight in the cybersecurity realm; if a QR code looks suspicious, refrain from scanning it. Scammers frequently take advantage of users' curiosity to trick them into falling for scams. Look for signs that the QR code has been damaged or tampered with, which can be especially common in public areas. Be cautious before you scan any QR code, especially if you cannot verify the source. It's always a good idea to attempt to verify the legitimacy of any QR code and its source before you scan it. Be especially wary if, after you scan the code, it prompts you to enter personal information.

Use a QR Code Scanner App

Consider using a dedicated QR code scanner app rather than the default camera app on your device. Some third-party apps provide extra security features, such as code analysis and website reputation checks. However, it is vital that you ensure the legitimacy and security of any third-party app before you download it; research the app first and only download it from a reputable app store.

Inspect the URL Before Clicking

Just like you should with any link, review the URL the link is pointing to before visiting a website prompted by a QR code. Ensure it matches the legitimate website of the organization it claims to represent.
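The URL check described above can be partly automated once a scanner has decoded the QR code to text. The following is an added example, not part of the original article; the function name `check_qr_url` and the sample URLs (built on the reserved `example.com` and `.test` names) are constructed for illustration.

```python
from urllib.parse import urlsplit

def check_qr_url(decoded: str, expected_domain: str) -> list[str]:
    """Return reasons the URL decoded from a QR code fails to match expected_domain."""
    try:
        parts = urlsplit(decoded.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    except ValueError:
        return ["not a parseable URL"]
    expected = expected_domain.lower().rstrip(".")
    problems = []
    if parts.scheme != "https":
        problems.append(f"scheme is {parts.scheme or 'missing'!r}, not https")
    # Anything before '@' is login info, not the site; it is often used to
    # make a link look like it starts with a trusted name.
    if parts.username is not None:
        problems.append(f"text before '@' is not the host; real host is {host!r}")
    # Non-ASCII or punycode labels can render as lookalike characters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        problems.append("host uses non-ASCII or punycode labels (lookalike risk)")
    # The host must be the expected domain itself or one of its subdomains;
    # merely containing the name is not enough.
    if host != expected and not host.endswith("." + expected):
        problems.append(f"host {host!r} does not belong to {expected!r}")
    return problems

# Constructed sample URLs, as they might be decoded from a QR code.
SAMPLES = [
    "https://www.example.com/menu",         # genuine subdomain
    "http://example.com/menu",              # right host, no TLS
    "https://example.com.promo.test/menu",  # trusted name used as a prefix
    "https://example.com@pay.test/login",   # trusted name placed before '@'
    "https://xn--exmple-cua.com/",          # punycode host
]

if __name__ == "__main__":
    for url in SAMPLES:
        issues = check_qr_url(url, "example.com")
        print(url, "->", "OK" if not issues else "; ".join(issues))
```

An empty result only means the host matches the domain you expected; it says nothing about whether that domain itself is trustworthy.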

Be Wary of Websites Accessed via QR Code

Don't enter personal information, such as address, credit card details, login information, etc., on a website you accessed through a QR code. Additionally, never make any payments or donations through a QR code; only use trusted and secure payment methods.

Update Your Device and Apps

Keep your device's operating system and QR code scanning app up to date. Regular updates often include security patches that protect against known vulnerabilities.