Avoiding QR code scams
Share this article:
A January 2022 report from the FBI is putting people on their guard when using QR Codes.
QR codes — technically, quick response codes — are black-and-white squares that have become overwhelmingly popular throughout the pandemic as a way to promote touchless transactions. You have long been able to show a QR code on your smartphone screen to board an airplane or enter a sporting event; now you can use your phone's camera to scan a code to learn what’s on a restaurant menu or when the next bus is due.
The codes also appear in direct-mail ads and at retail outlets. Stroll a pharmacy's aisles and you'll see QR codes on packaging for a range of consumer products. Scan the code to visit a company's website, get more information about a product, or perhaps even score a coupon or discount.
While many of the machine-readable optical labels are trustworthy, some can be downright dangerous. Here are some things to keep in mind before scanning a QR code:
1. Fraudsters have used QR codes for years. The codes came on the scene in the 1990s when Japanese automakers used them to track parts and inventory. Cybercriminals always look to manipulate new technologies and QR codes were no different, then or now.
2. Just as you should never click on suspicious hyperlinks or download fishy attachments — especially anything sent by strangers — you should avoid suspicious QR codes, which can take you to sites that are created to look safe but aren't or sites that don’t look safe at all.
3. Criminals have been known to distribute fliers with malicious QR codes or to attach stickers with fraudulent codes over existing, legitimate ones in public places such as bus stops.
4. Codes embedded in emails are almost always a bad idea. Visit a website with a legitimate domain name to confirm.
5. Use a password manager. As with all kinds of phishing, if a QR code takes you to an especially convincing fake website, a password manager will still know the difference and won't autofill your passwords.
6. Trust your gut—if a code looks suspect, don’t use it.
7. Do not download an app from a QR code; instead use your phone’s app store.
8. Do not download a QR code scanner app. Most phones have a built-in scanner in their cameras.
9. If you recently bought something and you receive an email saying the payment failed and are asked to complete the payment through a QR code, call the company to verify this. Locate the company’s phone number from a trusted site, not the phone number given in the email.