Sunday, October 6, 2024

QR Code Scams

 Scammers have been using QR Codes to trick victims for some time, but I'd say the FBI starting posting warnings about this around 2022.


The more common QR Codes become, the more scammers use them in their crimes.

Here are some recent ways scammers are using QR Codes:

1. You get an email or text that says you've won something, or the message is faked to look like it is coming from a bank or a credit card company or a vendor. You may even receive an actual letter or package with a QR Code on it (scammers need to work lots of potential victims so they try to use the cheapest methods). You are asked to scan the QR Code to take the next step or to 'confirm a transaction'. Often these QR Code redirect to fake websites that look real and proceed to steal your information. Sometimes this QR Codes just then download malware to your device. Don't do it!

A common one I've seen recently begins with a notification of ‘suspicious activity' on one of the victim's online accounts (the scammer is guessing and sometimes they guess right) and include a link or QR code for the user to verify their identity. Don't do it!

2. Government and utility imposters. This scam uses the name (and sometimes fake websites) to tell potential victims they have an outstanding debt that needs to be paid immediately or something terrible will happen (a warrant for arrest or if utility that your utilities will be shut off). The potential victim is told they can submit payment via a QR Code. Don't do it!

3. Parking meter payments. Fake QR Codes have been placed on the back of parking meters, leading potential victims to assume they can pay for parking through the QR Code if they do not have change. Do not do it!

How to avoid QR Scams

In general, I would not use them even though they are convenient, unless I had confirm the legitimacy of them by picking up the phone of that company, sending an email, getting into online chat, or asking on social media that it is, in fact, legitimate. Otherwise, skip the convenience of it.

Any text, email, call that uses language around 'act now or [fill in the blank with negative consequences] will happen' should be a big ole red flag for you. Stop and go another route or ignore the message completely.

It's not easy, but look for signs of tampering and layering of multiple stickers on top of one another or in a place that seems odd. Most businesses permanently install scannable QR codes using laminate or placing them behind glass in their establishments. They will often include the business’s logo in the code, often in the middle (not to say scammers won't eventually figure out how to fake this, too).

If a QR Code has redirected you to a website that request personal details or login credentials - STOP! Legitimate organizations typically do not ask for sensitive information through QR codes.

Use QR Codes through trusted applications on your mobile device. For example, through my big chain grocery store app on my phone, I use QR Codes to get additional discounts. I would never do this outside their official app.

Trust Your Intuition. If something feels off or suspicious about a QR code or the situation in which it is presented, trust your instincts and refrain from scanning it. Your intuition can often alert you to potential scams before they transpire.

Trust me, you'll be fine in the world not scanning that QR Code.

Now tell me you are NOT going to scan the below image just because I wanted to show you what a QR Code looks like. Don't do it. It's just an example. Really.