Written by Bernie Carr
Just a quick post today, as I wanted to share this information to help you avoid getting scammed. You know those QR codes that have become so common? Well, cyber-crooks are now using them to scam people out of personal and financial information.
What are QR codes?
QR stands for “Quick Response.” The QR code is a square black and white barcode that contains information to provide access to a website, to prompt the download of an application, and to direct payment to an intended recipient. A lot of businesses started using them during the pandemic: restaurants now give you a QR code so you can see their menu on your phone, movie theaters give you a QR code as your ticket when you prepay online, airline tickets have them, and some businesses give you a QR code as a way to accept payments.
How are QR codes being used by scammers?
According to the FBI:
Cybercriminals tamper with both digital and physical QR codes to replace legitimate codes with malicious codes. A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information. Access to this victim information gives the cybercriminal the ability to potentially steal funds through victim accounts.
Malicious QR codes may also contain embedded malware, allowing a criminal to gain access to the victim’s mobile device and steal the victim’s location as well as personal and financial information. The cybercriminal can leverage the stolen financial information to withdraw funds from victim accounts.Source: FBI
If scammers gain entry to your phone via a bogus QR codes, they can potentially open bank or pay apps, add fake contacts, write a text, or make a phone call.
Where are fake QR codes showing up?
Recently, fake QR codes were found in parking meters in Austin, TX. This means that drivers who were trying to pay off their parking tickets may have been duped into downloading these malicious QR codes:
Over the weekend, Austin Transportation parking enforcement officers discovered QR codes on stickers affixed to more than two dozen pay stations across the City of Austin. People attempting to pay for parking using those QR codes may have been directed to a fraudulent website and submitted payment to a fraudulent vendor. The QR codes linked to a site that is not part of the City of Austin paid parking system and may have been created with malicious intent.Source: austintx.gov
The same type of parking meter scam codes have been found in downtown Houston as well as in San Antonio.
They may pop up in busy public locations such as bus stops, airports, restaurants and fast food – anywhere people congregate. You may also see them on flyers or ads stuck to your windshield, or even fake parking tickets. You may receive fake offers for debt consolidation by mail or email.
How to protect yourself from QR scams
- Just as you avoid scam emails and texts, you now have to watch out for QR code phishing tactics.
- Don’t scan any QR codes that may have been sent to you via email or text.
- Don’t open QR codes from strangers or social media. Watch out for QR codes posted in public areas. I’ve seen flyers that invite you to scan the QR codes for additional information. Don’t do it, as you never know where that QR codes might lead to.
- Don’t download an app from a QR code. Go to Google Play, Apple Store, or your phone’s app store to download legit apps.
- If you did use your mobile phone camera to download a QR code, say to view a restaurant menu, preview the code’s URL as the scan starts. A malicious domain name may look similar to the real URL but may have typos or a misplaced letter. If it looks sketchy, get out of there.
- If you receive an email that gives you a QR code to complete a payment (that they claim did not go through) don’t proceed. Avoid making any payments using a QR code. Instead, call your creditor directly.
- Avoid entering personal, financial information to sites you accessed via a QR code.
Some additional tips from the FBI:
Do not download a QR code scanner app. This increases your risk of downloading malware onto your device. Most phones have a built-in scanner through the camera app.
If you receive a QR code that you believe to be from someone you know, reach out to them through a known number or address to verify that the code is from them.
Avoid making payments through a site navigated to from a QR code. Instead, manually enter a known and trusted URL to complete the payment.Source: FBI
If you are trying to find a site that you really wanted to see, let’s say you saw an advertisement, just manually enter the web address into your phone instead of scanning the QR codes. And if the site you reached is asking you to enter personal or financial information, just get out of it.
Finally, if you believe you have been a victim of stolen funds from a tampered QR code, report the incident to your local FBI field office at www.fbi.gov/contact-us/field-offices. Report fraudulent or suspicious activities to the FBI Internet Crime Complaint Center at www.ic3.gov.
QR codes are indeed convenient and useful; unfortunately, cybercriminals found another way to take advantage of people so be aware and careful when dealing with QR codes.
We are an affiliate of Amazon.com, which means we received a small commission if you click through one of our Amazon links when you shop, at totally no cost to you. This helps keep the lights on at the blog. Thanks!
Bernie Carr is the founder of Apartment Prepper. She has written several books including the best-selling Prepper’s Pocket Guide, Jake and Miller’s Big Adventure, The Penny-Pinching Prepper and How to Prepare for Most Emergencies on a $50 a Month Budget. Bernie’s latest e-book, FRUGAL DIY has just been released on Amazon. Her work appears in sites such as the Allstate Blog and Clark.com, as well as print magazines such as Backwoods Survival Guide and Prepper Survival Guide. She has been featured in national publications such as Fox Business and Popular Mechanics. Learn more about Bernie here.