Cybercriminals are altering QR codes — How to avoid getting scammed

QR codes are seemingly everywhere now. Sure QR, or quick response, codes for smartphones have been around for at least a decade, but unlike other areas of the world like China, they never quite caught on here in the U.S. Until the pandemic, that is.

Suddenly we’re scanning black and white squares to look up restaurant menus, pay for drinks at bars, and check into doctors appointments.

And while the pandemic is—fingers crossed—under control, QR codes are still everywhere, and I love it. Scanning a code is easier than having to bug a waiter for a menu. Plus, I get to keep staring at my phone during dinner no matter how much my loving wife tells me to put it away.

But like any popular piece of technology, QR codes come with a risk. Cybercriminals are altering QR codes in public with stickers and sending phishing emails with malicious codes to trick people into visiting nefarious sites, downloading malware, and stealing user information.

There are, however, ways you can avoid falling victim to these scams.

Check for stickers and URLs

QR codes are generally used to quickly get you to a website without having to type in a URL. That’s more or less how those digital restaurant menus work. But, according to a recent FBI alert, cybercriminals are altering those codes to sucker victims into visiting fraudulent websites.

It’s not just restaurants, either. I’ve seen phony stickers slapped onto QR codes outside of a nearby elementary school that parents use to check their kids in each morning.

In this May 25, 2018, photo, a decal with a QR code at the entrance to a Chick-fil-A in Phillipsburg, N.J.,invites people to apply for work at the restaurant. On Tuesday, June 5, the Labor Department reports on job openings and labor turnover for April. (AP Photo/Ted Shaffrey)
QR code at the entrance to a Chick-fil-A in Phillipsburg, N.J.,invites people to apply for work at the restaurant. On Tuesday, June 5, the Labor Department reports on job openings and labor turnover for April. (AP Photo/Ted Shaffrey) (ASSOCIATED PRESS)

The gist of this approach is to try to get you to download an app that can steal your data. To ensure you don’t fall for a scam, check to see if a sticker has been placed on top of a QR code. If it looks like somebody tampered with a code, don’t scan it, and report it to the business where you found the fake code.

If you’re unsure of a code, check out the URL the QR code takes you to. If it’s not for the site you’re expecting, close out your browser immediately to prevent your device from potentially downloading any apps you don’t recognize.

Don’t enter your personal or payment information

If you’re using a QR code to make a payment or sign up for a service and you’re in a rush, it’s easy to forget to check the URL for the site you’re viewing. And that’s how cybercriminals get their victims.

To dodge this kind of scam, try to avoid entering your data in any web portal you access via a QR code. Instead, if you’ve got to make a payment or make an appointment for yourself, use the appropriate company or office’s website by typing in the URL on your own.

If you absolutely need to use a QR code to pay for something, double check that URL.

Don’t get stung by quishing scams

You’re heard of phishing scams where cybercriminals fire off emails or text messages designed to get you to download a malicious app or enter your information into a fake site. Well, let me introduce you to quishing.

Quishing scams happen when a cybercriminal sends you a phishing email, but instead of asking you to click a link or download a file, they want you to access a QR code. Yes, it sounds weird, but it’s out there.

To make sure you don’t get hit by a quishing scam, simply avoid scanning any QR codes you get via email. Simply treat them as you would any link. So if you’ve gotten an email with a QR code claiming it’s from Amazon or even a concert ticket provider, forget the QR code and visit the company’s website instead.

While QR codes provide a useful service, they’re also catnip for cybercriminals. But if you remain on your guard, you’ll take advantage of them without getting scammed.

More from Dan

Follow Yahoo Finance on Twitter, Facebook, Instagram, Flipboard, LinkedIn, YouTube, and reddit

Got a tip? Email Daniel Howley at [email protected]. Follow him on Twitter at @DanielHowley.

Advertisement