QR codes can be used to quickly access a website, see a menu at a restaurant, pay for parking, board a plane, share contact information, and more. With countless ways to use QR codes, it's no surprise businesses and individuals are utilizing them more and more. However, like with most conveniences, we have to practice caution when scanning QR codes. Scammers can hide harmful links in QR codes with the purpose of stealing your personal information. We're sharing what you need to know to help you stay protected.
What is a QR Code?
A QR code (quick-response code) is a machine-readable code, typically used for storing URLs/web addresses or other information and can be scanned with your smartphone or tablet. QR codes have become popular for their ease of use, convenience, and because they're quick and easy to create.
How they try to scam you.
As QR codes have become more common, so have QR code scams. According to the Federal Trade Commission (FTC), scammers may try to con you by using the following tactics to steal information or load malware on your device:
- Cover up QR codes on parking meters or flyers with QR codes of their own.
- Send QR codes in texts and emails (also known as quishing) claiming:
- There is a package for you that couldn't be delivered, and you need to contact them to reschedule the delivery.
- There is a problem with your account and you need to confirm your account information.
- There is a problem with your payment and you need to scan the QR code provided and re-enter your payment information.
- They noticed suspicious activity on your account and your password needs to be changed.
- You've won a prize, like a free gift card, and you need to scan the code to claim your prize.
- Impersonate a charity or create a fake charity to steal your money or credit or debit card information by placing QR codes on flyers or by sending them to you by text or email.
How you can protect yourself.
QR Code scams, like most scams, create a sense of urgency in the hopes that you'll scan the QR code and open the URL without thinking about it. The scammers QR code may install malware on your device that allows them to control your device or steal your information. The QR code could also take you to a spoofed site that looks like a legitimate website but isn't. You can avoid becoming a victim of QR code scams by doing the following:
- Check or preview the QR code link before proceeding. A preview of the URL should appear on your phone when you scan a QR code. If it looks like a URL you recognize, make sure it's not spoofed by inspecting the URL for variations (".com" instead of ".org", a switched letter, or additional character) or misspelling.
- Check for tampering. If you're scanning a QR code that's in a public location, like a paid parking area or a restaurant, make sure the QR code doesn't have a sticker above it that could have been placed there by a scammer. Also, check for tampering on legitimate ads or offers you pick up or receive in the mail.
- Don't scan a QR code in an email, text, or personal message that you weren't expecting. Whether you've been approached online or in-person, don't scan QR codes from individuals or businesses you don't know. Be wary of offers that are too good to be true or if you're pressured into acting immediately. If you think the message could be genuine, contact the individual or company using a phone number or website you know is real.
- Examine the website. If you follow the link to the QR code, ask yourself if it's a reputable website. Be suspicious if you're asked for a password or login information after scanning a QR code. Typos, low-quality images, and incessant pop-ups are often signs of a fraudulent website. Also, look for a lock symbol next to the URL or "https://" in the URL to determine if the URL is secure.
- Protect your device and accounts. Keep the OS (Operating System) on your smartphone or tablet updated to help protect it against hackers. Protect your online accounts by using strong passwords and multi-factor authentication.
What should you do if you're a victim of a QR code scam?
- Change your passwords. If you entered your login information on a fraudulent website, change your password immediately. Additionally, you should set up two-factor or multi-factor authentication on your accounts.
- Contact your financial institution. If you entered your Members First credit or debit card information on a fraudulent website, contact Members First Credit Union of Florida immediately or call the number on the back of your payment card.
- Report the incident. File a report with the FTC so they can use the information to build cases against scammers. If you believe your identity has been compromised as a result of a QR code scam, go to identitytheft.gov to file a report and create a personal recovery plan.
« Return to "Blog"