By now, most internet users know the usual scams to look out for: Phishing emails trying to steal your account logins, misspelled URLs attempting to access your bank accounts, fake online storefronts charging you for products they never intend to send.
Well, it’s time to be on the lookout for yet another growing scam: fake QR codes.
What’s a QR code? You’ve likely seen them as their use skyrocketed during the pandemic. Many restaurants have started using QR codes to replace physical, germ-covered menus. QR codes are those little square barcodes that take you directly to a website or app when you scan them with your smartphone camera.
QR codes seem like they were made to deter phishing. There’s no need to type in a link and accidentally misspell it, which could result in the user being sent to a scam website meant to mimic the actual legitimate site they meant to visit. Just scan the QR code and you’ll go right to the real website you intended to go to.
However, as with most new and growing technologies, scammers have found a way to weaponize QR codes too.
In December 2021, QR codes started popping up on public parking meters in San Antonio, Texas. Simply pull out your phone, scan the familiar barcode, and pay for your parking spot. Quick and simple, right? Not so. When the San Antonio Police Department was notified, they alerted the public that the QR codes were a scam.
Fraudsters had actually placed their own QR codes on public parking meters across the city. Drivers who used them to pay the meters were actually sending their money or sensitive financial account information to the scammers. As Ars Technica points out, other major cities in Texas, such as Austin and Houston, have reported similar parking meter grifts.
QR codes still make up just a small fraction of the scams proliferating across the web. However, the Better Business Bureau has experienced a noticeable enough uptick on its scam tracker to put out its own « scam alert » on QR codes in 2021. The technology has become accessible enough where anyone can make their own QR codes now.
So, what should you do to avoid scammy QR codes?
Treat QR codes you come across you just as you would any other email you receive or link that gets text messaged to you. All the QR code is doing is directing you to a link, whether that be a login screen or a payment form, for example. Double check the source of the QR code and the URL the QR code sends you to just as you would when you receive an email with a link inside.
If something feels off about a page that the QR code displays, type out the URL yourself if you know it. These links are accessible without the barcode. Be on the lookout for advertisements and public notices that are tampered with too. A fraudster can easily stick their own QR code over a legitimate one on a poster or flyer you come across offline.
The BBB suggests going a step further by downloading a QR Scanner with built-in security features, such as the Kaspersky QR Scanner (available on iOS and Android).
Even the most publicized online scams are still tricking people. Let’s nip this in the bud and try to minimize the harm caused by QR code scams before they blow up.