QR code scams are on the rise. Here's how to avoid getting d

These days you see QR codes almost everywhere. The square barcodes appear everywhere: real estate listings, TV commercials, and social media posts advertising what appear to be great deals on must-have items.

The pandemic spurred the use of QR codes. Seeking to reduce potential transmission, restaurants replaced physical menus available to all customers with online versions accessible on their phones. Scan that little square and you’ll know what the house special is.

Cybercriminals quickly took note and are beginning to exploit the undeniable convenience of this technology. Fraudsters are creating malicious QR codes designed to trick unsuspecting consumers into handing over their banking or personal information.

“Every time a new technology comes along, cybercriminals try to find a way to exploit it,” says Angel Grant, vice president of security at F5, an application security company. This is especially true for technologies such as QR codes, which people know how to use but may not know how they work, he says. “It’s easier to manipulate people if they don’t understand it.”

QR codes – the abbreviation stands for “quick response” – were invented in Japan in the 1990s. They were first used in the automotive industry to manage production, but have spread far and wide. Websites and applications have appeared that allow you to create your own. 

Now, cybercriminals are taking advantage of them to put a twist on an email phishing scam. Scanning the fake QR codes won’t do anything to your phone, such as downloading malware in the background. However, it will take you to fraudulent websites designed to obtain a bank account, credit card, or other personal information. 

Like any other phishing scheme, it’s impossible to know exactly how often QR codes are used for malicious purposes. Experts say they still account for a small percentage of phishing overall, but numerous QR code scams have been reported to the Better Business Bureau, especially in the last year. 

Many people know to be on the lookout for fraudulent links and questionable attachments in emails purporting to be from the bank. But most people don’t think twice before scanning a QR code with their smartphone camera. 

Taking advantage of unsuspecting motorists could be behind the nearly 30 malicious QR code stickers recently found at parking meters in Austin, Texas, which uses QR code technology to allow drivers to pay for parking online. 

However, instead of accessing the website or city-sanctioned app, drivers who scanned the fraudulent stickers were taken to a fake website that collected their credit card information.

Police do not know how many people were duped. The department encourages anyone who thinks they may have had their credit card information stolen by the fake website to contact them.

Austin is not the only city that has experienced fake QR code scams. Authorities in San Antonio, Texas, about 130 miles away, issued a warning after spotting similar stickers connected to a fake parking payment website.

QR codes take people from the physical to the online world. That’s why it makes sense to use them on fraudulent stickers, as well as in paper spam, said Brad Haas, cyber threat intelligence analyst at Cofense, an email security firm. Get people to log in who haven’t already.

Haas says fraudulent QR codes are also starting to show up in phishing emails and online ads, a tactic that has him scratching his head. “There’s no reason for someone to pull out their phone and scan a QR code that’s in an email they’re already viewing on their laptop,” Haas says. After all, the recipient is already logged into their laptop – why would a legitimate sender want them to log in with a second device? That’s why consumers should look askance at any email containing a QR code, he says. 

Still, fake codes do appear in phishing e-mails, though not as frequently as proven tactics such as virus-containing attachments or links to fraudulent Web sites. Cofense recently detected a phishing scam targeting German speakers that included a QR code in an attempt to lure mobile banking users.

Hackers may like to use QR codes in phishing emails because they often go undetected by the security software, giving them a better chance of reaching their targets than malicious attachments or links, says Aaron Ansari, vice president of cloud security at antivirus firm Trend Micro.

Even if the success rate is lower, it is much easier to send millions of phishing emails than it is to physically place stickers on parking meters and bus stops.

In short, QR codes are one more way for cybercriminals to get what they want and one more threat to watch out for. 

“There are a lot of ways to get compromised these days,” Ansari said, “but it only takes one.”

Tips from the experts

Think before you scan. Be especially wary of codes posted in public places. Look closely – is it a sticker or part of a larger sign? If the code doesn’t seem to fit the background, ask for a paper copy of the document you want to access or type in the URL manually.

When scanning a QR code, take a good look at the website it took you to, recommends Haas. Does it look like you expected? If it asks for login or banking information that doesn’t seem necessary, don’t give it away. 

Embedded codes in e-mails are almost always a bad idea. Follow Haas’ advice and skip these codes altogether. The same goes for codes you receive in unsolicited junk mail, such as those offering debt consolidation help, Grant says.

Preview the URL of the code: Many smartphone cameras, including iPhones with the latest version of iOS, will give you a preview of a code’s URL when you start scanning it. If the URL looks strange, you may want to move on.

Better yet, Ansari recommends using a secure scanner app, designed to detect malicious links before your phone opens them. His company, Trend Micro, offers a free app, as do other major antivirus companies.

But stick to well-known security companies, he says. Malicious QR-scanning apps, designed to obtain user information, have hit app stores in the past.

This post was created with our nice and easy submission form. Create your post!

What do you think?

Leave a Reply

Your email address will not be published.

GIPHY App Key not set. Please check settings

The New American Diet

Healthcare Search Engine Optimization