With the alarming emergence of new QR code scams, QR Code Generator has revealed some expert tips to avoid falling victim to false codes and phishing scams.
Marc Porcar, CEO of QR Code Generator said, “QR codes are an incredibly useful invention, but their relative novelty means that scammers are only recently coming around to exploiting them for malicious intentions.”
- Avoid payments using public QR codes
Any QR code is susceptible to tampering, but those in those placed in public are particularly so. With payment being one of the prime purposes of QR codes, make sure any code you scan in public is untampered.
If scanning a publicly placed QR code, such as in a parking lot, check for signs that the code is the one you wish to scan. For example, is there actually a sticker over the original code that you are scanning instead, or any other suspicious signs? A QR code scam will direct a device to an official-looking, but phony website, which can steal credit card information when entered. QR codes created for such scams could be found in restaurants, shopping malls, bars, or a number of other public places. Parking lot scams, however, are particularly identified as on the rise currently. If in doubt, do not pay through a QR code. There is almost always an alternative way to make a payment, like entering the URL yourself.
- Do not scan QR codes from unsolicited emails
Email inboxes are often bombarded with links and attachments that may be malicious. While most email services can detect these, they usually can not for QR codes. Always think: Do I know the sender of this email? If so, are they definitely who they claim to be? Many scams claim to come from a trusted retailer like Amazon. Generally, simply avoid scanning QR codes in emails altogether.
- Check the destination of any QR code
Your phone will display the URL to which a QR code is trying to send you and only take you there if permitted. Check the URL is legitimate by looking out for extended domain names. Multiple hyphens and symbols are common in malicious links, and known names may be included in the URL to trick you, just because a URL has ‘Google’ in it, it does not mean it is legitimate, so look out for suspicious URLs.
It is possible to end up on a malicious website, even after taking great care, so when you have landed on a site through a QR code, remain vigilant. Unprofessional design, low-resolution images, poor grammar, or typos, can be telltale signs of a fraudulent website.
- Do not be a victim of your own curiosity
Similar to how email scammers may entice victims, scanning a QR code may be incentivized with the promise of a reward, or by creating curiosity to bypass your suspicions. Be extremely wary of any QR code that gives you the chance to ‘win’ anything, offers up a survey, or particularly promises free goods or services. QR codes may even be sent to you in leaflets or letters, but always make sure to follow the tips above, especially if a code has made its way to you without your asking.
- You do not need a QR code ‘app’
Your phone’s camera is capable of scanning and following QR codes. The misconception that you might need a new app to do this can lead to downloading fraudulent software that asks for extensive permissions and may try to install malware on your device.
Always use your phone’s default camera for QR code scanning.
