Scanning QR Codes Safely

In recent years, you have likely begun seeing more and more of those square barcodes that you can scan simply by pointing your smartphone camera at it; these are known as QR codes and they seem to be nearly everywhere you turn these days. In the times where we all did not want to touch the same menus or brochures during the pandemic, many restaurants and local businesses opted to let patrons find out what was cooking or going on that day by scanning a code instead of the traditional handing out of paper materials. These little barcodes can be put on anything, from menus to shirts to physical advertisements and more. Unfortunately, as with most things, malicious actors online have found a way to spoil this technology for the rest of us. Scammers have latched onto the QR code and are using it to take our essential data.

The FBI warns that cybercriminals tampered with QR codes to steal usernames, passwords, financial information, and even money from some individuals who fell for their scams. Back in January of this year, it was found that these scammers were altering the QR codes put out in earnest by legitimate businesses and replacing them with malicious code. In addition to login and financial data, scanning a faulty QR code may result in cybercriminals gaining unwanted access to your location data as well - presenting threats to your physical well-being as well. 

QR, or quick response, codes are very common in our world today. Protect yourself when using these by following these tips:

• Do not fall for a follow-up QR code scam. Some scammers have combined QR codes and phishing to try to dupe you. If you have recently purchased something and later receive an email stating that you need to scan the QR code in order to access some sort of important information related to your order or in order to properly process your payment, then you can assume that that is a scam. If you are on the fence and unsure if a business does in fact want to use a QR code for a followup in their process, be sure to reach out and contact the business by some trusted means (their officially listed phone number or email address, for example) yourself. Do NOT use the phone number or email address also listed in the same email from the allegedly legitimate user.
• Do not download a special app to scan QR codes. Almost all smartphones now have the ability to scan a QR code built-in to the camera, so no additional apps are needed to scan a QR code. The introduction of a third-party app may give malicious actors another vulnerability to take advantage of, so it is best to use what is already apart of your phone rather than introducing an additional company into the mix.
• Be wary when scanning a QR code. Not to say that you cannot scan the brunch menu from a local restaurant to view from the comfort of your own phone, but be sure to take caution when scanning a QR code. Do not scan random codes which you are unsure of their original nature. Just as a phishing scam tries to get you to click on a bogus link, QR scammers want you to scan the fictitious link. Though this usually does not result in malware being put on the device, like we would see with phishing, it enables the ability to find out the information you might be sharing such as location or personal financial data. Use proper judgment when it comes to scanning QR codes in order to be safe when interacting with this technology.

‍

Image by Freepik.

‍