What Are QR Codes
Quick Response codes or QR codes, are now scattered all over society waiting to be scanned. You can find them on websites, posters, business cards, and even groceries. These convenient little squares can instantly take you to websites, connect you to Wi-Fi, or play videos with a quick scan from your smartphone. If most people found a QR code in an email that gave them a discount on their next cup of Starbucks coffee, they would scan it without giving it a second thought. Should you be so trusting of any random QR code that you find? I don’t think so. You should treat QR codes with as much caution as you would any other link you would find on the internet. Unlike a URL, which may have some hints to its fraudulence in the text, QR codes have nothing that would stand out. In fact, they all look identical to most people. Blindly trusting QR codes from strange sources could leave you vulnerable to sneaky scams.
QR Code Scams
One QR code scam in the Netherlands caused unsuspecting people to have their entire bank account wiped. The scammers would approach someone and ask them to scan a QR code with their banking app to help the scammer pay for parking. The scammer’s story is that they only had cash, so they would give the stranger 5 dollars in exchange for scanning the QR code to pay for parking. Victims would find their bank accounts completely wiped the next morning. Scanning this QR code was essentially the same thing as logging into a fake banking website with their log in credentials. With just a quick scan the scammers were given access to the victim’s bank account and the ability to move money wherever they wanted.
Another sneaky way that scammers trick people with QR codes is called clickjacking. This means they have gone out and replaced genuine QR codes with fake ones. If they can’t remove the genuine QR code they will just place the fake one on top of it. Typically, this is done at high traffic areas like malls, airports, or landmarks. Just like in a phishing email, the fake QR code will take people to a sketchy website once its scanned. There are other ways scammers may use these fake QR codes and you should always be cautious about using scanning them.
How To Avoid QR Code Scams
- Try to find a QR code scanner that shows the URL before it takes you to the website.
- Check if the QR code is actually just a sticker placed on top of the real QR code.
- Thoroughly examine the web page before making any payments.
- Do not scan QR codes from untrusted sources. Treat them like any other link.
- Check if the webpage you were taken to matches the URL you were supposed to be taken to.
- Do not trust shortened URL links.
- Do not use your banking app to scan QR codes unless you can verify the source.
QR codes take a little more effort to examine than the average phishing email but it is worth the effort. Just like with any social engineering attack, awareness is your best defense. For more general tips to avoid social engineering attacks check out our previous blog.