During Covid-19, QR codes made a comeback. For example, rather than seeing a physical menu at a local restaurant, servers asked patrons to scan a QR code at the table to access the restaurant’s menu. Unfortunately, cybercriminals saw this as an opportunity to use QR codes to scam users.

Since 2022, the FBI has warned that fake QR code scams are rising. So, here’s everything you need to know about QR scams so you can protect yourself and your data. 

What is a QR code?

A QR code, also known as a Quick Response code, is a unique code of black and white squares. These codes are scanned with an app or your phone and link users to data and information on the internet.

QR codes soar in popularity, but FBI issues safety warning
https://www.iptc.org/

QR Code Scams

Here are some of the most common QR code scams to be aware of.

Phishing

A phishing attack is when a cybercriminal poses as a person or organization you trust to get personal data from you. For example, a phishing QR code may take you to a fake website that appears to be a trustworthy organization but was created to steal your login information so they can access your data and steal from you. For example, you may see a phishing QR code in public at a restaurant or gas station, but it can also be in an email or a letter. 

Malware

In a malware attack, cybercriminals use QR codes to embed links to web pages containing viruses and other malware. When you scan the fraudulent QR code, you can accidentally give access to malware to damage your device or start tracking you and the information on your device.

Are QR Codes Dead? QR Code Statistics Say No
SproutQR.com

Payment Fraud

Now, there are places where you can access payment sites through a QR code. For example, some gas stations, restaurants, and parking meters direct consumers to a payment website via a QR code.

Cybercriminals sometimes cover up the original QR code with their fraudulent QR code to have you pay them instead of the correct vendor for goods or services. 

How to Protect Yourself From QR Code Scams

The best way to protect yourself from QR code scams is to avoid scanning QR codes you don’t trust.

However, with cybercriminals being stealthy, it’s not always easy to know which QR codes you can trust and which ones you can’t. Here are some specific ways to protect yourself from QR code scams:

  • According to the Better Business Bureau, it’s helpful to download a QR scanner with built-in security features, such as the Kaspersky QR Scanner
  • If you scan a QR code, check the URL before taking action or clicking on any links. If the web address doesn’t make sense with the company you thought you were scanning a QR code through, avoid clicking any links, and close the page. 
  • Install antivirus software on your devices. If you accidentally scan a malicious QR code, you’ll be better protected against potential malware if you have installed antivirus software. 
  • If you come across a QR code and are unsure whether you can trust it, try to look for information that you can type in manually first. For example, if you are at a parking meter, instead of scanning the QR code, try searching for a website that you can manually enter to make your payment. While it may take a few more seconds, it will save you time to unwind a fraudulent charge in the long run.

Next Steps if You Fall for a QR Code Scam

Even the most careful people can fall victim to scams from time to time. If that happens to you, here are the steps you should take immediately after realizing you may have fallen victim to a QR code scam:

  1. Start by contacting your bank account and informing them that you think your data may be at risk. They will block your account so money cannot be taken from your account. 
  2. Download antivirus software and run a virus scan to ensure your device doesn’t have malware.
  3. If you think the site may have stolen sensitive information, such as passwords or usernames, make sure you log into your accounts and change your passwords immediately. Furthermore, if you use the same username or password on any other accounts, make sure you change those.