Most internet users are familiar with the usual scams to look out for:
Phishing emails are trying to steal your account login information, misspelt URLs attempting to access your bank accounts, and fake online storefronts billing you for products they are not going to send. It is time to be on the lookout for yet another growing scam: fake QR codes.
A QR code is a code that a smartphone can read. Their use has skyrocketed during the pandemic, so you’ve probably seen them. QR codes have begun to replace physical menus that spread germs in many restaurants. QR codes are those square barcodes that take you to a website or app when scanned by your smartphone’s camera.
QR codes seem to have been developed to prevent phishing. You don’t want to accidentally misspell a link, which could result in the user being taken to a scam website that mimics the actual legitimate site they intended to visit. You will be taken directly to the real website you intended to visit by scanning the QR code.
However, scammers have found a way to weaponize QR codes as well, as with most new and growing technologies.
QR codes began appearing on parking meters in San Antonio, Texas, in December. You can pay for your parking spot by scanning the barcode on your phone. Quick and simple, right? Not necessarily. Upon being notified of the incident, the San Antonio Police Department responded immediately. Easy, isn’t it? Said it was a scam.
Throughout the city, scammers had placed their own QR codes on public parking meters. The drivers who used them to pay the meters were sending their money or sensitive financial information to the scammers. Several other major cities in Texas, including Austin and Houston, have reported similar parking meter grifts, according to Ars Technica.
QR codes still represent only a small percentage of the scams spreading across the web. However, the Better Business Bureau saw enough of an increase in scam reports to issue its own “scam alert” on QR codes last year. Now that QR codes can be made by anyone, the technology has become accessible to everyone.
So, what should you do to avoid or mitigate risk?
QR codes should be treated as any other email you receive or text message you receive. All a QR code does is direct you to a link, whether it’s a login screen or a payment form, for instance. Check the QR code’s source and the URL it directs you to, just like you would when you receive an email with a link inside.
You can type out the URL yourself if something feels off about a page that the QR code directs you to. The links can be accessed without the QR code. Pay attention to advertisements and public notices that seem to be tampered with as well. On a poster or flyer you come across offline, a fraudster can easily add their own QR code over a legitimate one.
Even the most publicized online scams still trick people. We should nip this in the bud and try to minimize the damage caused by QR code scams before they blow up.