Last week, the Federal Trade Commission (FTC) released a consumer alert regarding QR codes. Quick Response codes, or QR codes for short, store a variety of data. Most often, restaurants, retailers, and other businesses use this data to helpfully link to information on their websites. You also may have seen these codes on your plane or concert tickets. Or, when you pay for public parking.
Unfortunately, like most convenient technology, scammers have found a way to use QR codes for malicious acts. The FTC has stated that scammers are hiding harmful links within the codes. The reason? Your personal information, of course.
How QR Codes Can Be Misused
Stealing personal and business data is a lucrative crime. The more data gathered and stolen, the higher the pay. Cybercriminals then use the dark web to sell this information on sites similar to eBay or Etsy. Essentially, their own black marketplace – sometimes with seller ratings and holiday discounts!
In general, scammers will try to create a sense of urgency to get you to scan the QR code. They want you worried or distracted enough to not check the URL. “If it’s too good to be true, it probably is,” said Cody Daniels, Client Technology Manager at TREYSTA. “Be cautious of unprompted emails offering something enticing or prompting urgency.”
Alternatively, a scammer may tug at your heart with a fake donation campaign. Just a quick scan of the QR code and you’re helping those in need. Sadly, now your money is in the hands of the scammers.
Types of QR Code Scams
Here are a few techniques scammers will use to try to get your information:
Phishing Scams: Scammers embed malicious links in QR codes, leading users to fake websites designed to steal personal information. This may also be called “quishing” – a play on the words “phishing” and “QR”.
Malware Distribution: Some QR codes can trigger the download of malware, compromising the user\’s security. Malware is a type of malicious software that lets a scammer take over your device. Most often without your knowledge.
Replacing Legitimate QR Codes: Cybercriminals may replace authentic QR codes with fraudulent ones in public places, deceiving users into accessing harmful content. This could be as simple as replacing the menu QR code at a restaurant, a tip donation QR code, or a code to donate.
Use Caution when Scanning QR Codes
According to Business Inside, over 89 million users will use QR codes by the end of 2023. This high volume of use leaves plenty of room for user error and scammers to hit their marks.
However, the biggest way to protect yourself is to simply use caution. “Watch out for the 3 big ‘U\’s’: Unprompted, Unknown (Sender), Urgent,” stated Daniels. Did you expect the QR code? Do you know the sender? Is it demanding your attention?
Similarly, the FTC also cautioned, “Don’t scan a QR code in an email or text message you weren’t expecting — especially if it urges you to act immediately. If you think the message is legitimate, use a phone number or website you know is real to contact the company.” The warning furthermore stated to protect your online accounts by using “strong passwords and multi-factor authentication”.
Remember, check the URL before opening a link. Make sure there are no spelling mistakes and it’s a URL you already recognize. Always use strong passwords and multi-factor authentication to protect your accounts. Don’t react quickly – take a moment to review the information. Protect yourself and loved ones from QR code scams!
Partner with TREYSTA technology management
Don\’t leave your cybersecurity to chance. Join forces with TREYSTA technology management and experience the peace of mind that comes with knowing your organization is fortified against cyber threats. Contact us today to schedule a free consultation and take the first step toward a more secure future.
Find out why businesses in Harrisburg, Hanover, York, and throughout Central PA and Northern MD trust TREYSTA as their technology experts.
