QR or Quick Response Codes can be found anywhere these days. From ads to business cards and billboards, even on product packaging, in magazines, and so on. These little black-and-white square designs make finding more information easy. With the help of your smartphone, all you have to do is scan the code and be instantly directed to a website or even a coupon. But, unfortunately, they can also lead you straight into a cybercriminal’s trap!
How do QR code phishing scams work?
Cybercriminals are well aware that many people find QR Codes convenient and trust many of the sources they see a code is from. Just like other phishing scammers we’ve talked about in previous blogs, QR code phishers often pose as trusted businesses, such as banks, retailers, schools, and more. For example, a hacker might send you an email, flyer, letter, or message on social media containing a QR code for a special offer. Scanning it will lead you to a fake webpage that prompts you to fill in your personal information or login credentials to claim your offer. When you fill out this information, you’ll be sending it straight to the attacker, who can do with it whatever they wish.
QR Code Tampering
Another type of QR Phishing involves tampering with QR codes or placing fraudulent codes at locations where online payments are usually made. For example, an attacker could print phishing QR codes on stickers and place them over legitimate QR codes to fool more victims into using their codes instead. Since these codes appear in places where you expect to find a legitimate code, people will usually let down their guard. This is why it’s crucial to remain critical of every QR code you encounter, whether you expected to see one or not.
QR Code Viruses
If you’ve ever wondered if you could get a virus by simply scanning a QR code, the answer is yes. Cybercriminals can easily embed links to web pages containing viruses and other malware into QR codes. This malware can, in turn, compromise your sensitive data. Unfortunately, just scanning the QR code is sometimes enough for the malware to do its damage.
How to Protect Yourself from QR Code Scams
QR fraud is getting increasingly deceptive, which is why it’s important to recognize and prevent them. The best way to avoid becoming a QR fraud victim is never to scan a QR code you don’t trust. Here are some more ways you can take extra precautions:
- Skip QR codes that have been printed on a sticker. Random codes that have been stuck on telephone poles, street signs, bathrooms stalls or other possibly intriguing places might be a fun marketing campaign, or they might just be a not-so-fun scam. Also, double-check to make sure the code you’re scanning isn’t really a sticker that’s stuck on top of a legitimate code.
- If you receive a suspicious message with a QR code that has, supposedly, been sent by a reputable business, it’s a good idea to contact the company directlyto find out whether the message actually came from them.
- QR codes are generally used for paying money, not for receiving If someone asks you to scan a code to get paid, this is most likely a scam.
- Use a QR Reader with security features. There are a variety of QR reader apps to choose from. Choose one that verifies a website’s legitimacy and/or shows you a preview before automatically connecting you to the website.
- Check the URL address that pops up after scanning the QR code, before going to the website. Hackers often use shortened URLs so that victims could not see where they would be redirected to.
With the growing number of employees working from home and many companies adopting BYOD (bring your own device) policies, more and more hackers are targeting mobile devices in an attempt to gain access to corporate networks. As a result, ensuring your team is trained to recognize and prevent QR Code scams is more important than ever. The experts at Grand Technology Solutions can help you raise your cybersecurity awareness and provide you with tools and techniques you’ll need to protect your business from threats in 2022. Contact us today at (904) 606-6011 or email firstname.lastname@example.org to learn more.