QR Code Scams on the Rise

Portions from cnet.com

If you’ve been to a restaurant or tried to pay for parking in the past year, odds are you’ve been told to scan a QR code to see the menu or feed the meter. Those little black and white squares that take you to the website you need may seem harmless, but fraudsters are finding ways to make use of them to gain your information. Recently, officials in Austin, Texas realized nearly 30 malicious QR code stickers had been placed on parking meters throughout their city. Instead of taking them to the city’s authorized website to pay for parking, motorists were led to a fake website that collected their credit card information.

According to the Better Business Bureau, while this type of scam represents a small percentage of overall phishing, numerous complaints involving QR codes have been reported to them over the past year. And it’s not only physical locations. QR codes are increasingly being included in emails, as they aren’t often picked up by security software since they’re not an attachment.

So, what should you do?

• Think before you scan – Is the QR code fuzzy at all? Is it a sticker or printed as part of a bigger display? If it looks like it doesn’t fit in with the background try typing in the URL manually of the site you’re trying to access. If you do scan, does the site look like you expect it to? Don’t provide login or bank information if it doesn’t seem needed.
• Don’t scan QR codes embedded in emails – They could easily just give you a link versus providing a QR code within an email so be suspicious.
• Preview the code’s URL – As you start to scan the code, your phone will preview the URL. If the web address looks strange, move on.
• Use a password manager – If a QR code takes you to an especially convincing fake website, a password manager will still know the difference and won’t autofill your passwords.