QR Code Phishing – To Scan or Not to Scan QR Codes

A QR Code (Quick Response Code) is very useful, but as with any good thing, some people unfortunately use it for bad purposes. One of the things these bad guys do is QR Code phishing.

Sample QR Code Phishing or Scams

Here are a few QR Code phishing techniques employed by these cybercriminals.

  1. At public locations such as airports, stores and restaurants, where hackers may have replaced an otherwise legitimate QR Code with a bogus one.
    Due to the pandemic, public places such as restaurants use QR Codes to let customers view the menu online and avoid contact with a physical menu. Hackers who are not restaurant employees go to the restaurant, look for the QR Code and, when no one is looking, secretly stick their own QR Code over the original one. When scanned, this bogus QR Code gives you a malicious link that redirects you to a fraudulent phishing website, which may contain malware or ransomware and could steal your password or personal information. To avoid this, it is recommended to just search for the restaurant on Google or Yelp and go to their website instead of scanning a potentially phony QR Code.

  2. At some fraudulent popup COVID-19 testing sites, where they give you a QR Code to fill out your personal information and medical insurance information and then never give you a test result, since there was no test. Their only intention is to get your personal information and use it to hack your accounts or sell it.
  3. In flyers or fake ads on the street asking people to scan a QR Code to win a prize or some free money.
  4. A QR Code to pay a deposit using a Bitcoin ATM. Since the QR Code links to the scammer’s bitcoin account, paying via bitcoin gives victims an instant way to send them money, and the payment is irreversible, so there is no way to get your money back.

How to avoid QR code scams

  1. Don’t scan QR codes or open links from strangers, even if they promise a prize, free money, or a way to make quick cash.
  2. Some scams may appear to come from legitimate sources, like the restaurant example above. Check that the QR Code has not been tampered with or replaced before scanning. Or better yet, just go to their website directly by searching for them on Google.
  3. Beware of signs that offer “free Wi-Fi” by using a QR Code, especially somewhere you have not visited before. The exception is when you are at your friend’s house and you want to connect to their Wi-Fi via QR Code.
  4. Think twice about following shortened links generated by a QR Code. This could be a shortcut to a malicious website. There’s no way to know where that link will take you.
  5. Try alternative payment methods. If you receive a bill with a QR Code for payment, check if there’s another way to pay, such as on the company’s website or simply through online bill pay to their known, legitimate website address.
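
The tips above can be turned into a quick check on the text a scanner decodes from a QR Code, before anything is opened. This is an added example, not part of the original article; the shortener list, the tag names and the sample payloads are assumptions made for illustration, and the plain-HTTP and raw-IP checks go slightly beyond the list above.

```python
import ipaddress
from urllib.parse import urlsplit

# Illustrative shortener hosts only (an assumption, not a complete list).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "ow.ly"}


def triage_qr_payload(payload: str) -> list[str]:
    """Return warning tags for a decoded QR payload; an empty list means no flag."""
    text = payload.strip()
    scheme = text.split(":", 1)[0].lower() if ":" in text else ""
    if scheme == "wifi":       # Wi-Fi join code: WIFI:T:<auth>;S:<ssid>;P:<pass>;;
        return ["wifi-config"]
    if scheme == "bitcoin":    # payment URI: money sent cannot be recalled
        return ["crypto-payment"]
    if scheme not in ("http", "https"):
        return ["non-web-payload"]
    try:
        host = (urlsplit(text).hostname or "").lower()
    except ValueError:         # malformed URL, e.g. unbalanced IPv6 brackets
        return ["malformed-url"]
    tags = []
    if scheme == "http":
        tags.append("no-tls")           # page is not served over HTTPS
    if host in SHORTENERS or host.removeprefix("www.") in SHORTENERS:
        tags.append("shortened-link")   # destination is hidden until followed
    try:
        ipaddress.ip_address(host)
        tags.append("ip-literal-host")  # raw IP instead of a business domain
    except ValueError:
        pass                            # ordinary hostname
    return tags


# Constructed sample payloads, as a phone's scanner would decode them.
SAMPLES = [
    "https://restaurant.example/menu",
    "https://bit.ly/3xConstructed",
    "http://192.0.2.10/menu",
    "WIFI:T:WPA;S:Cafe-Guest;P:constructed-pass;;",
    "bitcoin:CONSTRUCTED-ADDRESS?amount=0.01",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage_qr_payload(sample) or ["no-flag"], sample)
```

An empty result only means none of these checks fired; it does not show that the link is safe.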

QR codes, although a handy and very convenient tool, still require your caution. You should keep your eyes open when using them. If something doesn’t feel right, keep your smartphone in your pocket and away from that QR code.