QR codes are found everywhere, from boarding flights, entering concerts, to reading restaurant menus. But these codes can also be used by scammers to direct people to harmful websites. Scammers hide dangerous links in some QR codes, and once users click on these links, scammers can steal their personal information and install malware on their devices.
Scammers use deceptive tactics, including placing their own QR codes on top of legitimate codes on parking meters or sending the patterns to be scanned by text or email in ways that make them appear legitimate. They also create a sense of urgency by sending deceptive codes via text or email, posing as a company and claiming that there is suspicious information on a user’s account that requires immediate attention.
According to John Fokker, head of threat intelligence at a cybersecurity company, QR code attacks have increased significantly, with postal scams, malicious file sharing, and impersonating messages from various departments being the most common types of attacks. He also mentioned that mobile users are particularly vulnerable to these attacks compared to users of desktop computers due to the lower level of security and protection on mobile devices.
The Federal Trade Commission (F.T.C.) and other experts advise consumers to be cautious when scanning QR codes, especially if they were not expecting the message. They recommend checking the URL before opening the link and never opening links or downloading documents from unknown contacts. Additionally, using two-factor authentication and keeping software updated are other measures suggested to protect against QR code scams.
The F.B.I. has also issued an alert to consumers about the risk of malicious QR codes and advised users to download apps only from their smartphone’s app store rather than following links from QR codes.