Scammers never take a break from dreaming up new ways to con people out of their money. Recently, they’ve even been hijacking QR codes to pull scams on innocent victims. Here’s all you need to know about QR code scams and how to avoid them.
What’s a QR code?
Before we can explore the details of these scams, let’s understand what a QR code is and how one works. A QR code, which is an acronym for “Quick Response code,” is a square barcode that can be scanned using a smartphone. It leads directly to a website or app. Businesses use QR codes for any number of reasons, from posting online menus, to scanning coupons, to processing payments and more. In the no-touch era following the coronavirus lockdowns, QR codes are more ubiquitous than ever.
Ironically, QR codes should help prevent fraud, since they take the user directly to the desired site. They should make it harder for scammers to lure victims to bogus websites with URLs similar to the legitimate website. Unfortunately, though, scammers have found a way to weaponize QR codes, too. The technology necessary to create a QR code is not accessible for anyone. This makes QR code scams easy to pull off and difficult to identify.
How the scam plays out
In a QR code scam, a scammer will replace a legitimate QR code with their own code. A target will then scan the code and make a payment for a transaction. Unfortunately, they have sent their money directly to the scammer instead of making a payment for the transaction.
Recently, fraudsters replaced dozens of QR codes on public parking meters in San Antonio, Texas with their own codes. Drivers seeking to pay the meter costs scanned these codes and sent their payments to scammers. To make matters worse, many victims also unknowingly shared access to their phones with the scammers. This sets them up for future scams, as the criminals use information on the phone to pull off additional schemes.
How to avoid a QR code scam
QR code scams can be challenging to recognize. The FBI has advised against downloading an app from a QR code and/or downloading a QR code scanner app. However, there are ways to keep yourself safe from these scams.
When scanning a QR code, it’s a good idea to treat the link like any other email or text message. Proceed with caution and practice online safety measures as you would with any other online transaction. Check the source of the QR code and the URL it directs you to for signs of a secure site. This includes a lock icon, an “https” to start, and that its URL matches the URL of the intended destination.
If the webpage or app the code sends you to seems suspicious in any way, leave it. You can access the payment portal you need by visiting the app or website on your own.
When using a QR code, look for these red flags that can indicate a possible scam:
- The URL is different from the home site.
- The QR code is posted on a public sign or notice that seems to be tampered with.
- The site or app the code directs you to is full of typos.
Knowing how to recognize a QR code scam can prevent you from falling victim to this emerging scheme.
If you were scammed
Have you used a QR code to complete a payment then received an email claiming you haven't paid? Or that the payment failed? You may be the victim of a QR code scam. Let the company know that its QR code has been tampered with and alert the FTC as well.
Stay alert when using a QR code and stay safe!