How does the QR Code scam work?
Typically, scammers send an email, text message, flyer or mail containing a QR code. The victim scans the code with their phone’s camera and opens the link.
In some scams, the QR code directs the victim to a phishing site where they are prompted to enter personal information or login credentials that the scammers can steal. In other cases, the QR code allows the phone to automatically launch a payment application or track a malicious social media account.
Here are 6 things to keep in mind when scanning a QR Code:
Fraudsters are always looking for a way to manipulate new technology and QR codes have been heavily used by them.
1. Suspicious links
Never click on suspicious links or download suspicious files coming from strangers. Beware when a URL-shortened link appears when you scan a QR code.
2. Billpay scam
Avoid using the QR code to pay a bill unless you are sure that it is issued from the authentic supplier.
Beware of QR code placed in public areas (bus stops, restaurants, bike stations, …), because sometimes the suspicious ones are put directly over the original ones. Run your fingers over it before scanning and if there are raised corners or you notice that it is a sticker, chances are it is a QR code stuck on the original.
(Counterfeit QR Codes – Scam Detector (scam-detector.com), article also on how to report fake QR codes and how to protect yourself from them)
4. Trustworthy sources
Do not trust QR codes supposedly sent by a friend or a trustworthy source, that appear in a text, an online post or by email. Instead, use a search engine and visit a site with a domain you know, or you should always double check with the person that they really sent it before you can – call or visit the official website to confirm.
5. Fake menu
In a restaurant, if the code is stuck on the side of a napkin dispenser and looks suspicious, do not use it and ask for the menu.
6. QR scanner apps
Download a QR scanner application that check for malware or inappropriate content like Sophos Mobile Security and Kapersky.
Three frequent examples of QR code scams:
The easiest QR code scam, clickjacking is where people get paid to lure others into clicking on a certain link. This is most commonly found in tourist destinations where people expect to scan a code to get interesting information about the landmark, but the scam QR code takes them to a dodgy site and the clickjacking rep gets paid.
Small advance payment scam
For some services, you expect to make an advance payment before use it, such as to rent a shared bike. To go through the payment process, you simply scan the QR code on the bike. But the real QR codes can be replaced by scammers who receive the payments.
Phishing links can be disguised as QR codes easily. Phishers place QR codes where it makes sense for the user, such as for COVID-19 check-ins or menus on restaurant tables.
Here is an interesting example about $14.5 million worth of e-bike fraud in China: Attention! QR Code Frauds Steal 90 Million RMB in Guangzhou | 自由微信 | FreeWeChat
What is Fraud Week?
What is Identity Theft?
What is digital banking fraud?