QR codes have become a staple of modern life in recent years. However, with growing popularity, security threats related to QR codes have also increased.
Currently, 2% of all scanned QR codes are malicious in some way.
The growth of QR code scams makes it important that people are aware of these security threats. Additionally, users must be aware of the necessary steps to avoid falling victim to these QR scams.
What are QR Code Scams?
QR scams are digital scams where you unintentionally scan a malicious QR code. These are very similar to the scams where you are asked to click on a malicious link which ends up stealing your data, sneaking malware into your device, or directly taking money and banking details.
QR Code Safety Measures
a) Use a QR Code Scanner with Security Features
- Use security-focused QR code scanners that preview links before opening them, such as Kaspersky’s QR scanner. This software protects the device from malicious attacks.
b) Inspect the URL Before Clicking
- The majority of QR codes are used to link to a URL. Check the URL carefully and confirm that the domain name is the legitimate one. Look for typos or strange characters in the link.
- Use online tools like URLVoid or Google Safe Browsing to verify the domain.
c) Verify the Source
- Check if the QR code is from trusted sources (official websites, brands, businesses, or people).
- Look for signs of tampering (stickers over existing codes). Many scammers might paste a fake QR code over the original one.
QR codes that you must Avoid
- Public QR codes: QR codes in public spaces, like parks and plazas, have the highest risk of being unsecured. This is the easiest way for scammers to get victims. Try to avoid scanning QR codes in public.
- QR code received from an unknown source: Avoid scanning QR codes from unknown senders in your emails, texts, or flyers. Always double-check the source before scanning.
- QR codes sent through a link: If you are redirected to another page via shortened or obfuscated URLs, immediately go back and do not scan any QR code.
Types of QR Code Scams
Quishing
Quishing (QR phishing) is phishing carried out through a QR code. In 2024, 20% of all online scams were “Quishing” scams.
Scammers create QR codes that lead to fake websites that look authentic. These websites can be of your bank, favorite store, or social media network. Once scanned, you’re taken to these fake websites, and the next thing is you're giving your login details right to the scammer.
Malware Installation
You might scan what looks like an innocent QR code, and the next thing you see is your phone downloading malware. Sometimes, it’s even without you noticing it. This malware (malicious software) can spy on your activity, steal your data, or even lock up your phone.
Payment Interceptors
This scam is hitting businesses particularly hard. Scammers replace the legitimate payment QR codes with their fake codes. This can happen at restaurants, shops, or parking lots. When customers scan and pay, their money goes to the scammer's wallet instead of the business.
Last year, a similar parking scam hit US cities, where scammers placed fake QR codes on meters. Drivers who scanned these codes to pay for parking unknowingly handed scammers access to their bank accounts.
Data Snatchers
Some scammers will pretend to be marketers and slip malicious QR codes into flyers and mail advertisements. When scanned, these codes act like digital pickpockets and snatch all the data they want. They can steal sensitive information stored on your phone, from your contact list and saved passwords to your banking details.
What to Do If You Accidentally Scan a Malicious QR Code?
If you notice any suspicious activity on your device after scanning a QR code, follow these steps:
- Immediately run a security scan.
- Do not enter any personal or financial information.
- Clear browser history and cache to prevent tracking.
- Delete important data to prevent it from getting stolen.
- Report phishing attempts to the appropriate cybersecurity agencies.