Scams for Scans: QR Codes See Surge in Popularity, As Well As Fraud

We ignored them for years, but it looks like the QR code may be here to stay.

“QR” is short for “Quick Response.” The QR code, simply put, is a type of bar code that is easily scannable with a smartphone, and links to a webpage with relevant information. People interested in a product could receive literature from a company directing them to visit a special website for exclusive discounts or promotions by scanning the QR code. Some businesses are even using QR codes to give customers links to payments (parking meters, for instance). Advantages to using QR codes include providing unique content, linking to how-to videos or product demos, and giving the end user a touchless experience (which is why we’ve seen restaurants adopting them in lieu of a paper menu during the pandemic).

With the surge in QR codes’ popularity, it seems inevitable that scammers would find a way to take advantage. And that’s why, on January 18, 2022, the FBI issued an alert to consumers about QR code scams. As you can probably guess, criminals are creating their own QR codes to take victims to scam sites that attempt to steal financial information and data.

“Malicious QR codes may also contain embedded malware, allowing a criminal to gain access to the victim’s mobile device and steal the victim’s location as well as personal and financial information,” the FBI also warns.

Tips to avoid QR code scams

Because anyone can create a QR code, and you can’t see the destination URL before you scan it, take a good look at the URL that appears after you scan the code. Does it look like a legitimate, secure site? If you are expecting to submit payment, such as at a parking meter, look at the meter itself for clues on what company owns it. If you are in doubt, consider parking elsewhere, or using coins if that is an option.

Be especially cognizant of typosquatting, which is a practice of using URLs that are close in name to legitimate websites, but with slight misspellings that are easy to miss. When trying to complete an action quickly, such as paying a bill or feeding a parking meter, you may just tap through to the fraudulent site without noticing the misspelling.
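The URL check and the typosquatting warning above can be automated for anyone who screens QR codes before they are printed or posted. The script below is an added example, not part of the original article; the domains in `EXPECTED`, the function names, the sample URLs and the distance threshold are constructed assumptions, and the two-label domain extraction is a simplification.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the domains you actually expect to pay or log in at.
EXPECTED = {"parkingpay.example", "citybank.example"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    # Simplification (assumption): treat the last two labels as the domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.split(".")[-2:])

def check_qr_url(url, expected=EXPECTED, max_distance=2):
    """Classify a URL decoded from a QR code before anyone taps through."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return ("reject", "not an https URL")
    if parts.username or parts.password:
        return ("reject", "userinfo before '@' hides the real host")
    if not host.isascii() or "xn--" in host:
        return ("suspicious", "internationalized host, possible lookalike characters")
    domain = registrable(host)
    if domain in expected:
        return ("ok", domain)
    for good in sorted(expected):
        if edit_distance(domain, good) <= max_distance:
            return ("suspicious", "one or two characters away from " + good)
    return ("unknown", domain)

if __name__ == "__main__":
    for sample in [  # constructed sample URLs
        "https://pay.parkingpay.example/meter/17",
        "https://parkinqpay.example/meter/17",
        "https://parkingpay.example.pay.test/meter/17",
        "https://parkingpay.example@pay.test/meter/17",
    ]:
        print(sample, "->", check_qr_url(sample))
```

A result of `unknown` means the domain is neither expected nor a near-miss, so it still needs the manual verification described in this article.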

You shouldn’t have to use a QR code scanner app in order to scan a code. Just use your phone’s camera. Using an app just increases your chances of downloading malware and falling prey to a scam.

In general, if you are in doubt about whether or not to trust a link, verify it yourself by navigating to the legitimate website.

Use the same level of scrutiny on a QR code that you would on a suspicious email and think twice about entering your bank information on a website that’s not completely trustworthy.

Stay safe against scammers and scan responsibly!