It’s seemingly engrained in every aspect of our lives these days – technology. Technology continues to make everything faster, more convenient, and easily accessible. This is certainly true of quick response (QR) codes, those ubiquitous symbols you can find on everything from restaurant menus to product packages to advertisements. When you scan QR codes with a smartphone, you can access prices, instructions, product information, payment apps, and the list goes on.
However, as with most technologies, fraud perpetrators have found ways to exploit QR codes — and steal from consumers and organizations. Here’s what you need to know.
How Thieves Use Them
Last year, the FBI issued an alert about QR code tampering. Fraudsters replace or alter QR codes so that users are directed to malicious websites or inadvertently download malware onto their devices. Such schemes enable fraudsters to access victims’ account usernames and passwords and personal and financial information.
Unfortunately, it’s very easy for criminals to create QR codes using online tools. They replace the codes of legitimate organizations with their own by, for example, placing stickers over existing codes. Such stickers have been found on menus, parking meters, signs, and packaging of all kinds. Fraudsters also might include them in phishing emails or printed advertisements, coupons, or surveys sent through the U.S. Post Office.
Preventing QR fraud is similar in many ways to foiling phishing schemes. When you’re directed to a website, scrutinize it for authenticity. Fraudulent sites often look amateurish and feature misspellings and typos. The site’s name may be similar — but not quite the same — as the site you intended to visit. If you’re suspicious, don’t type in a username, password, or payment information. Leave the site immediately.
Other ways to avoid QR code traps are to:
- Inspect physical objects for stickers or other signs the original QR codes have been replaced.
- Be careful about scanning any QR code included in an email. Try to verify the authenticity of the email first.
- Use only your phone’s camera to scan codes. You shouldn’t download a QR code app.
- Don’t make payments via QR codes. Go directly to the website by typing in the URL and only use payment processing systems that encrypt your information with SSL or TLS protocols.
Organizations can help protect themselves by routinely checking online and physical sites where they’ve placed QR codes for signs of tampering. Include a message with your QR code telling customers hey should notify you if scanning your code takes them to a suspicious site.
Be On Guard
Not even QR codes are safe from fraud perpetrators. As with all types of fraud, your best defense is a good offense. Look closely at QR codes before you scan them and scrutinize the sites they lead to.