Scams Hiding In QR Codes
Should you be trusting of any random QR code that you find? I don’t think so....
Scams Hiding In QR Codes
0
By Andre Herron Security Technology January 21, 2021

What Are QR Codes

Quick Response codes or QR codes, are now scattered all over society waiting to be scanned. You can find them on websites, posters, business cards, and even groceries. These convenient little squares can instantly take you to websites, connect you to Wi-Fi, or play videos with a quick scan from your smartphone. If most people found a QR code in an email that gave them a discount on their next cup of Starbucks coffee, they would scan it without giving it a second thought. Should you be so trusting of any random QR code that you find? I don’t think so. You should treat QR codes with as much caution as you would any other link you would find on the internet. Unlike a URL, which may have some hints to its fraudulence in the text, QR codes have nothing that would stand out. In fact, they all look identical to most people. Blindly trusting QR codes from strange sources could leave you vulnerable to sneaky scams.

QR Code Scams

One QR code scam in the Netherlands caused unsuspecting people to have their entire bank account wiped. The scammers would approach someone and ask them to scan a QR code with their banking app to help the scammer pay for parking. The scammer’s story is that they only had cash, so they would give the stranger 5 dollars in exchange for scanning the QR code to pay for parking. Victims would find their bank accounts completely wiped the next morning. Scanning this QR code was essentially the same thing as logging into a fake banking website with their log in credentials. With just a quick scan the scammers were given access to the victim’s bank account and the ability to move money wherever they wanted.

Another sneaky way that scammers trick people with QR codes is called clickjacking. This means they have gone out and replaced genuine QR codes with fake ones. If they can’t remove the genuine QR code they will just place the fake one on top of it. Typically, this is done at high traffic areas like malls, airports, or landmarks. Just like in a phishing email, the fake QR code will take people to a sketchy website once its scanned. There are other ways scammers may use these fake QR codes and you should always be cautious about using scanning them.

How To Avoid QR Code Scams

  • Try to find a QR code scanner that shows the URL before it takes you to the website.
  • Check if the QR code is actually just a sticker placed on top of the real QR code.
  • Thoroughly examine the web page before making any payments.
  • Do not scan QR codes from untrusted sources. Treat them like any other link.
  • Check if the webpage you were taken to matches the URL you were supposed to be taken to.
  • Do not trust shortened URL links.
  • Do not use your banking app to scan QR codes unless you can verify the source.

QR codes take a little more effort to examine than the average phishing email but it is worth the effort. Just like with any social engineering attack, awareness is your best defense. For more general tips to avoid social engineering attacks check out our previous blog.

Related Posts

Quick Tip: Protect Your Data With End-to-End Encryption

End-to-end encryption prevents outsiders from reading messages sent between a sender and receiver, whether it’s email, text messages, voice, video, or any other form of modern communication…..

0
08 Jul 2021
HTTPS, SSL, and TLS

Hyper Text Transfer Protocol Secure (HTTPS) is the solution to the security problem that plagued HTTP.

0
19 Aug 2020
Improve Your Home and Office Wi-Fi Quality

Spending a moment to manage your router’s channel settings could have a serious impact on your home WiFi speed and efficiency.

0
08 Jul 2020
Quick Tip: Update Your Apple Devices Now

Last week, Apple released a security update to address a zero-day, or previously unknown, vulnerability affecting IOS, IPadOS, and watchOS….

0
01 Apr 2021
Virtual Private Networks and Privacy

It is much more difficult to track you and associate your online activities back to you when using a VPN…

0
15 Jul 2020
7 Simple Tips to Make Your Android Phone More Secure

While privacy on Android may seem impossible, there are steps you can take to improve it….

2
16 May 2022
Big Data & Artificial Intelligence

Lorem Ipsum. Proin gravida nibh vel velit auctor aliquet. Aenean sollicitudin, lorem quis bibendum auctor, nisi elit consequat ipsum, nec sagittis sem nibh id elit. Duis sed odio sit amet nibh vulputate cursus a sit amet mauris.

0
10 Jun 2020
Protect Your MFA Codes From Bots

The rise of these bot services is alarming because it shows a flaw in how services use MFA….

0
07 Oct 2021
10 Cyber Hygiene Tips to Form Good Security Habits

Forming good habits will help keep you safe online and mitigate risks to your devices…

0
01 Jul 2022
A Different Kind of Zombie Apocalypse

Someone else has the keys to your device, and they’re driving…

0
15 Oct 2020
Safety in Online Gaming

Being a part of a gaming community is fun but like any community, there is going to be some people who spoil the bunch.

0
05 Aug 2020
Passwords And Alternate Authentication Methods

Attackers understand that many users reuse passwords and often use bad passwords….

0
23 Sep 2020
Hardening Your Device’s Security

If your phone is confiscated or stolen, do you want all of your personal information in the hands of someone else? Not this guy!

0
29 Jul 2020
Hiding In Plain Sight – Steganography and Polyglot Files

Unlike with cryptography, steganography messages are readable to anyone with the tools to find them…..

0
22 Jul 2021
Travel Safety

Do you want a foreign government or the thief who steals your wallet or purse to have pictures of your family, along with your drivers license that has your address?

0
01 Jul 2020

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.