QR codes have become ubiquitous in the past few years as a touch-free way to see anything from restaurant menus to banking login pages. The codes, short for Quick Response, were created in Japan in the 1990s for use in the automotive industry. Now, every smartphone camera can scan these blocky images to redirect you to a webpage.
QR codes are like physical hyperlinks. When you see an intriguing business, you can check out its webpage by pointing your camera at its QR code. However, some scammers have seized this opportunity to trick unwitting victims into handing over their personal information. Here’s what to look out for when scammers are on the hunt.
QR code scams are just a new way to package an old scam. Criminals are still using classic phishing techniques underneath the scams, but they’re getting victims to hand over information by linking their fake sites through QR codes.
Here’s the good news: a hacker can’t take control of your phone by planting a malicious QR code in public. You’re not going to get a virus by pointing your camera at the wrong image. The bad news is that the scams are harder to recognize than you might expect.
The scams are devious because they’re simple. A scammer puts a QR sticker up in public, usually covering a genuine code. You’ll be directed to a genuine-looking website when you follow the link. For instance, you might be using the site to pay for parking. However, you’re not looking at the city’s website, but instead at a clever fake created by enterprising con artists.
When you put in your credit card information and other identifying data, you’re handing money to scammers. To make matters worse, you didn’t even pay for parking, meaning you might get a ticket from the city.
This scheme works because it’s hard to notice. You don’t usually know where a QR code is supposed to send you. As such, it’s tricky to cross-reference the address bar against what you should be seeing.
The best way to avoid these scams is to use your best judgment and back out from any web pages that look slightly off. Don’t give your personal information out on websites you can’t verify as authentic. When in doubt, avoid using links. Instead, type the URL you want to visit into your address bar!