QR codes are everywhere these days. From restaurant tables to Super Bowl ads, their range of uses and applications has boomed since the onset of the pandemic. As usual, cybercriminals have taken note. The FBI has warned consumers that hackers are now creating malicious QR codes designed to trick unsuspecting scanners into giving away banking or login information. In early January, residents and tourists of Austin, TX experienced this first-hand when tens of malicious QR code stickers were placed on parking meters, promising motorists that they would allow them to pay for parking online. Cyber experts have determined that as of now, scanning these suspicious codes won’t affect your phone by secretly downloading malware, but instead, will lead you do sites designed to phish for your financial or personal information.
So, what can you do to spot potential QR code scams?
- Think before you scan: This is most relevant for codes in public places. Does the sticker appear to be part of an advertisement, sign, or display? If it looks out of place, it probably is.
- If the scanned site looks strange or asks for sensitive information that doesn’t seem to be relevant, don’t give that information out.
- When in doubt, ask the store or display owner for a paper copy of the document you’re trying to access.
- Don’t scan codes within unsolicited mail: As far as emails go, there is virtually no legitimate reason that a trusted sender would require a receiver to use a second device to access a safe and legitimate site via email.
- This also applies to paper mail; if there’s a code in a piece of unsolicited junk mail, its safe to assume that scanning it may not be safe.
- Preview the code’s URL: Most smartphone cameras running the latest OS allow users to preview a code’s URL as you start to scan it. If the URL looks strange, trust your gut and move on.
- Using a free secure scanner app is also helpful in spotting malicious links before your phone opens them.
- Use a password manager: If a QR code takes you to a convincing, but fake, website that you have an account with, a password manager will still know the difference and won’t autofill your passwords.
If you’re interested in discussing online safety and how to avoid and recover from phishing scans, you can reach out to us at info@OptfinITy.com.