QR codes are everywhere. Even though they have been around for three decades, first invented in 1990 in Japan, the pandemic increased their popularity. They are now commonplace from restaurants, to view menus or pay the bill, to health care facilities, to check in or take health screeners, and many other places to be quickly redirected to information. Although these “quick response” codes are convenient, they have been a target of fraudsters.
QR code tampering
Early this year the FBI issued a public service announcement warning of tampering by cybercriminals to QR codes. Both physical and digital codes are being manipulated to redirect victims to malicious websites to steal personal data, embed malware, or redirect to payment in order to steal card information.
Many things can be done to protect yourself before scanning a QR code. First, observe where the QR code is placed and in what format. Is it in a public location? Is it a sticker or printed on a poster? Fake stickers can be added on top of real QR code stickers, so be sure to check if anything seems off. You can always search or type the URL that the code will send you in your phone, instead of scanning codes that are in public areas.
It is always better to use the QR code scanning function on your phone versus downloading a scanning app. Most phones will allow you to preview the URL that the code will take you before you actually arrive. Double check that it looks like a safe and legitimate website before you click the link. Lastly, avoid QR codes contained in emails. These codes could be phishing emails that look like they are coming from a reputable company but may have minor errors as clues they are fake. Again, you can always search for the actual website on your computer or phone.