Phishing emails trying to steal your account logins, misspelled URLs attempting to access your bank accounts, fake online storefronts charging you for products they never intend to send. Well, it’s time to be on the lookout for yet another growing scam: fake QR codes.
What’s a QR code? You’ve likely seen them as their use has skyrocketed during the pandemic. Many restaurants have started using QR codes to replace physical, germ-spreading menus. QR codes are those little square barcodes that take you directly to a website or app when you scan them with your smartphone camera.
QR codes seem like they were made to deter phishing. There’s no need to type in a link and accidentally misspell it, which could result in the user being sent to a scam website meant to mimic the actual legitimate site they meant to visit. Just scan the QR code and you’ll go right to the real website you intended to go to.
However, as with most new and growing technologies, scammers have found a way to weaponize QR codes too.
In December, QR codes started popping up on public parking meters in San Antonio, Texas. Simply pull out your phone, scan the familiar barcode, and pay for your parking spot. Quick and simple, right? Not so. When the San Antonio Police Department was notified, they alerted the public: It was a scam.
Fraudsters had actually placed their own QR codes on public parking meters across the city. Drivers who used them to pay the meters were actually sending their money or sensitive financial account information to the scammers. As Ars Technica points out, other major cities in Texas, such as Austin and Houston, have reported similar parking meter grifts.
QR codes still make up just a small fraction of the scams proliferating across the web. However, the Better Business Bureau has experienced a noticeable enough uptick on its scam tracker to put out its own “scam alert” on QR codes last year. The technology has become accessible enough where anyone can make their own QR codes now.
So, what should you do to avoid or mitigate risk?
Treat QR codes you come across you just as you would any other email you receive or link that gets text messaged to you. All the QR code is doing is directing you to a link, whether that be a login screen or a payment form, for example. Double check the source of the QR code and the URL the QR code forwards you to just as you would when you receive an email with a link inside.
If something feels off about a page that the QR code directs you to, type out the URL yourself if you know it. These links are accessible without the barcode. Be on the lookout for advertisements and public notices that are tampered with too. A fraudster can easily stick their own QR code over a legitimate one on a poster or flyer you come across offline.
Even the most publicized online scams are still tricking people. Lets nip this in the bud and try to minimize the harm caused by QR code scams before they blow up.