In an effort to minimize physical contact at businesses across the country in response to the COVID-19 pandemic, many businesses have turned to QR codes to guide customers to their apps, menus, events, or tracking services. parcel. However, BBB Scam Tracker is receiving reports of crooks who use QR codes as a disguise to direct victims to malicious websites, tricking the user into entering personal information or login credentials that the crooks can steal.
How the scam works
You come across a QR code through an email, direct social media message, text message, flyer, or other marketing material that seems legitimate. After scanning the code with your phone’s camera, your phone may direct you to a phishing website and ask the user to provide basic information to access the content. Other times, crooks use a QR code to automatically launch payment apps or track a malicious social network account.
In many cases, scammers who send fraudulent letters or emails include the official QR code of the organization or entity they claim to represent to appear more credible. A victim reported this tactic to BBB Scam Tracker when she received a fraudulent letter regarding student loan consolidation.
QR codes are also a common element in cryptocurrency scams, where Bitcoin addresses are often sent via QR codes. A consumer who was contacted by a “binary and forex” trader via Instagram regarding an investment opportunity said: “after paying the withdrawal fee through the Bitcoin machine and sending it to the QR code that m ‘was provided, I received another email saying I needed to pay a transfer fee. That’s when I realized something was wrong.
How to avoid QR scams
Confirm the QR code before scanning. If you receive a QR code from a friend via text or a social media message from a co-worker, be sure to confirm with that person that they wanted to send you the code to verify that they didn’t. not been hacked.
Don’t open links from strangers. If you receive an unsolicited message from a stranger that includes a QR code, BBB strongly recommends that you do not scan it. If the message accompanied by the code promises interesting gifts or investment opportunities, use extreme caution if you decide to interact with it.
Check the source. If a QR code appears to be from a trusted source, it is wise to check with the company or entity to verify its authenticity. Call or visit their official website to confirm that it is legitimate and that the source of the communication is part of the organization.
Beware of short links. If a shortened URL appears when scanning a QR code, there is no way of knowing where the code will take you once the link is followed. It could be a pretext for a malicious website.
Check that there is no tampering. Some scammers attempt to mislead consumers by modifying legitimate commercial advertisements or placing sticks over the QR code. Keep an eye out for signs of tampering and, if discovered, notify the business or entity to make sure the displayed QR code is genuine.
Install a QR scanner with additional security. Some antivirus companies have QR scanner apps that check the security of a scanned link before it opens. These apps can help identify phishing websites, forced app downloads, and other unsafe links.
To learn more about protecting your information online, read the BBB’s advice on data privacy and cybersecurity.
If you’ve been the victim of a QR scam, report it to BBB.org/ScamTracker. Your report can prevent someone else from being a victim.