QR codes are just about everywhere these days. The pandemic has played a major role in the surge in usage of QR codes. UPI payments and other modes of digital payments have also made our lives undeniably easier. With these, users can send money to any account within seconds. Over the years, QR code scams have become more and more popular amongst cybercriminals. Just by getting you to scan a fake QR code, they can access your sensitive data. Victims can lose large amounts of money this way.
How does QR code scam work?
Cyber criminals make use of QR code phishing scams. In this, a cybercriminal will pose as someone you know or trust so they can obtain your data. Usually, phishing attacks happen via emails, phone calls, or social media. Cybercriminals have now turned to QR codes as well. Criminals might send you an email, flyer, letter, or message on social media containing a QR code. Scanning it will lead you to a page that prompts you to fill in your personal data or login credentials. The requested data might include sensitive information, like your online banking details. If you fill out this information, you’ll send it straight to the attacker, who can do with it whatever they wish.
Often “phishing QR codes” lead to fake websites that appear to belong to large and trustworthy organizations. Just like regular phishers, QR code phishers often pose as employees of big and important corporations, such as banks and other financial institutions.
How to avoid QR code scams?
Here are some tips to spot and avoid fraudulent QR code scams:
- A QR code is a tool that encourages you to act quickly – QR stands for “quick response.” It works well for advertisers, but it’s important to take your time and assess if you need to scan the code, and whether the information being asked for is legitimate.
- Once you’ve scanned the QR code, check the domain address that appears at the top of the browser. A red flag that the website or app that you’ve been directed to is a scam is when the domain doesn’t match the organization that provided the code. Close your browser page if the QR code you scanned opens up a suspicious site.
- Avoid scanning a QR code if it looks like a sticker covering another QR code, e.g. an advertisement on the street. Scammers can print fraudulent codes on stickers and affix them to legitimate ads.
- If you’re unsure about the legitimacy of the QR code, just manually search for the website you need.