QR (Quick Response) codes have taken the world by storm, especially during the pandemic. These little black and white squares that you scan with your smartphone camera are incredibly convenient. Unfortunately, they can’t always be trusted.
QR code scams are on the rise and becoming more prevalent. But what is a QR code scam? How can you avoid them?
QR (Quick Response) code scams are designed to link you to a malicious website where your financial details, sensitive data, or both are stolen. The fraudulent QR codes can be applied over legitimate QR codes or embedded in phishing ads or messages.
In the rest of the article we’ll tell you about the different types of QR code scams known to the cybersecurity experts of CloudNexus and ways you can detect and avoid them. QR codes are useful tools, but their utility and ease of use are exactly what make them a great attack vector for cyber criminals.
Breaking Down QR Code Scams
The Most Common Types of QR Code Scams
Before we get started with common QR code scams, we think it’s important to note that this list is by no means comprehensive. When it comes to QR codes, listen to your instinct, ask yourself if scanning it is really necessary, and ask for the URL to navigate to a site directly if you feel a QR code may have been tampered with.
Payment QR Code Scams
These scams involve a fraudulent QR code for payment purposes. The fake QR code could be carefully stuck over a legitimate payment QR code. It might be on a flier posted where online payments are frequently made, such as bars or convenience stores.
A great example of a payment QR code scam took place in January 2022 in Austin, Texas. Over two dozen QR code stickers for payment popped up at parking meters and pay stations across the city. However, none of the city parking meters or pay stations have been set up to accept QR code payments.
Instead, the fraudulent QR codes led drivers to a website where their payment was stolen, along with their credit card information. There’s no way of tracking how many people fell for the fraudulent codes, and Austin police are still investigating.
Cryptocurrency Exchange QR Code Scams
If you’ve ever transacted in cryptocurrency, you know how heavily that sector relies on QR codes for transfers, especially within Cash App, which now allows you to make crypto transactions in-app. That is why this type of QR code fraud is so insidious.
Fraudulent QR codes are most often involved in giveaway scams, where hackers pretend to be giving away cryptocurrency. They promise that if you transfer them cryptocurrency via the QR code, they will send you back double.
Spoiler alert: they never send any back.
In a similar vein, cyber criminals have been known to hack people’s social media accounts. They then use social engineering tactics to trick friends and family of that user into sending them cryptocurrency via a QR code.
QR Code Viruses
You can easily get a virus from scanning a fraudulent QR code. QR codes are typically linked to a URL. All cybercriminals have to do is link a QR code to a website which automatically downloads malware and BAM! You’ve got a virus on your smartphone.
Another way you might inadvertently download a virus is by using a fraudulent QR code to download an app. The link within the code might not be for the app at all, but once you realize that, the damage is already done.
The type of virus often varies. It could be a keylogger which tracks everything you type, like your passwords, financial information, or your social security number. It might be a Trojan horse virus, which masquerades as something safe and necessary and then downloads a nasty virus.
These Trojan horse apps often automatically begin sending lots of text messages to a number that charges $6 per message. That money usually goes straight to the scammer.
QR Code Scams In Online Marketplaces
Some QR code scammers prefer a social engineering angle. They may approach you on online marketplaces like Facebook Marketplace, eBay, etc. The cybercriminal usually purports to be interested in purchasing an item you listed. But it gets hairy when it comes time to pay for it.
Next, they ask you to scan a QR code so that they can ensure they’re sending the funds to the right account. The link will take you to a site that asks you to enter your bank details. These, of course, are immediately sent to the scammer.
Another common variant involves a small payment before the “purchase” to ensure they have the right account. This gains your trust. Next, they ask you to scan a QR code to receive the rest of your payment – and steal your money.
At the time of writing, there simply is no way to receive a payment by scanning a QR code. QR codes can only be scanned to pay someone else, not to receive payments. If anyone tells you to scan a QR code to receive money from them, DON’T do it!
Phishing QR Code Scams
Typical phishing attacks involve scammers pretending to be a known or trusted person in your life. They aim to trick you into giving up data. QR code phishing scams follow the same script.
You will receive either physical (a letter or flier) or virtual (an email, text, or direct message) correspondence containing a fraudulent QR code. These messages usually appear to be from a trusted business or friend.
In actuality, scanning the code and “verifying” your information by logging in or entering financial details sends it straight to the scammer, who can then use it or sell it as they please.
If you receive a message claiming to be from your bank/service provider, check the official website or app and call customer service. They’ll be able to tell you if the request is legitimate.
QR Code Scams In Person
This growing QR code scam actually takes place face-to-face. It typically consists of a stranger appealing to the good Samaritan in you, asking for help paying for parking or gas. They say they have the money in cash, which the machine won’t take.
Next, they show you a QR code and say if you send money to that link, they will pay you back in cash. Some actually do give you the cash you are supposed to send to them.
But beware! Entering your payment information at the malicious link on the QR code delivers your bank details straight into the hands of the scammer. That $10 bill they forked over was well worth the hundreds they’ll steal from you.
Red Flags And Ways to Avoid QR Code Scams
Despite the various types of QR code scams, the ways to protect yourself from malicious QR codes are all pretty consistent. Being able to take these precautions and identify these known red flags will reliably help you avoid scanning a scam.
Install An Antivirus On Your Smartphone
This tip won’t prevent you from falling for a QR code scam, but it can help to limit the damage of one. If you have an antivirus on your mobile device, it can help prevent certain types of malware from being downloaded via QR code, or at least alert you about it when it happens.
Do Your Own Research!
Whether you’ve received a suspicious message containing a QR code or you’ve come across one in the wild that you want to look into, do your research rather than scanning the code!
If you receive a message claiming to be from your bank or service provider, go to their official website or app and call customer service. If you see a flier or advertisement that you’re curious about, but wary of, look up the deal on your own. Don’t use information from the ad itself. Google the company and the supposed promotion to see if it’s real or not.
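As an added example (not part of the original article), the same "look it up yourself" check can be applied to the text a QR code decodes to before anything is opened. The Python function below compares that text against the domain you found on your own and lists reasons not to follow it; the function name, flag wording, suffix and scheme lists, and the sample `.example` domains are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed lists for illustration; extend them for your own environment.
APP_PACKAGE_SUFFIXES = (".apk", ".ipa", ".mobileconfig")
CRYPTO_SCHEMES = {"bitcoin", "ethereum", "litecoin"}


def triage_qr_payload(payload: str, official_domain: str) -> list:
    """Return reasons not to follow a decoded QR payload (empty list = no flags).

    official_domain is the domain you looked up yourself, never one taken
    from the flier, sticker or message that carried the code.
    """
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()

    if scheme in CRYPTO_SCHEMES:
        # A payment URI pre-fills a transfer to someone else's wallet.
        return ["cryptocurrency payment request: it sends funds, it cannot receive them"]
    if scheme not in ("http", "https"):
        return ["not a web link (scheme: %s)" % (scheme or "missing")]

    flags = []
    if scheme == "http":
        flags.append("unencrypted http link")

    host = (parts.hostname or "").lower().rstrip(".")
    official = official_domain.lower().rstrip(".")
    # Accept the exact domain or a true subdomain of it. A lookalike such as
    # "official-domain.something-else.example" fails this comparison.
    if host != official and not host.endswith("." + official):
        flags.append("host %r is not %r or a subdomain of it" % (host, official))
    if "@" in parts.netloc:
        flags.append("text before '@' can disguise the real host")
    if parts.path.lower().endswith(APP_PACKAGE_SUFFIXES):
        flags.append("links directly to an app package instead of an app store")
    return flags


if __name__ == "__main__":
    # Constructed sample payloads; none of these are real services.
    for sample in (
        "https://parking.example.org/pay?zone=12",
        "https://parking.example.org.pay-meter.example.net/pay",
        "http://files.example.net/scanner.apk",
        "bitcoin:CONSTRUCTED-ADDRESS?amount=0.5",
    ):
        print(sample, "->", triage_qr_payload(sample, "parking.example.org") or "no flags")
```

An empty result only means none of these specific checks fired; it does not show the destination is legitimate.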
Remember, QR Codes Are Used To Send Payments, Not Receive Them
Any QR code that is supposed to allow you to receive money should be treated as fraudulent. Period. No matter what the person sending it says, at best they will steal the amount they’re claiming to send you. At worst, they’ll steal your financial information and use it.
Just Say No
Unfortunately, you can’t always tell good folks in need from scammers playing to your empathy for your fellow man. The easiest way to avoid in-person QR code scams is simple: if you don’t know someone, don’t scan QR codes from them. Ever. Sometimes people will give you a hard time, but just say that you’re in a hurry and walk away, even if they keep bothering you.
The most reliable way to stay smart and not fall for scammers is with up-to-date knowledge. Follow a scam alert site like this one by the Better Business Bureau for your region. Keep an eye on what scammers are doing now, and what trends can be seen in your area. Knowledge is power, after all!
Scan QR Codes With Confidence
There are always going to be bad actors trying to trick people into giving up their financial and personal details or hard-earned cash. It’s sad, but it’s true. With your newfound awareness of QR code scams and how to avoid them, you’ll be one step ahead of any scammers you come across.