Skip to main content

QR Code-Driven Scams

Key Points in This Article:

  • During the pandemic, QR code usage surged; however, they are inherently vulnerable to scammers.
  • Scammers have used them to target individuals and businesses who often don’t know how to recognize suspicious QR code use.
  • A few simple steps, such as double-checking the URLs a QR code takes you to, can help you avoid scams involving QR codes.

QR codes can be a great tool to help you market and promote your business. Unfortunately, hackers and scammers are taking advantage of some of their inherent vulnerabilities, targeting your customers and other consumers. QR code-related cybersecurity scams have increased to such an extent that the FBI has recently issued warnings about their use.

If you are or are considering using QR codes, it’s critical to understand how hackers are using them to scam others and what you can do to protect your customers and employees.

The Rise of QR Code Use

QR codes have been around since the Nineties. Back then, they were primarily used for automotive logistics. However, by the 2000s, as smartphone use rapidly grew, marketers realized they could use QR codes to direct consumers to a website, among other uses. It quickly became a heavily used marketing tool, with QR codes affixed to physical surfaces.

Consumers were relatively slow to follow along, and business interest in QR codes began to wane. But with the need for contactless transactions during the COVID-19 pandemic, QR code usage soared to even greater heights. Restaurants used them in place of menus, municipalities affixed them to parking meters, and offices used them to check in clients, among other creative uses.

Even with the pandemic receding, QR code usage has found new life. But with their usage have come new risks, which can be challenging to combat.

Common QR Code Scams – And How Businesses Can Address Them

Hackers and scammers can leverage QR codes in several ways. A fraudulent QR code can be placed on any surface, directing consumers to fraudulent websites designed to take their money. And in some cases, scammers have placed their fake QR codes on top of real QR codes to dupe individuals.

In a widely publicized instance, Texas parking authorities found that scammers had affixed fake QR codes to parking meters to capture driver credit card information. QR codes were found on Texas parking meters in Austin, Houston, and San Antonio, even though those cities don’t use QR codes for parking meter transactions.

To mitigate this risk, avoid using QR codes outdoors and in environments. You can’t control it. If you place them outside, you must consider the physical security of the areas where you intend to deploy QR codes. Add them on surfaces under your surveillance so you can keep an eye out for those looking to take advantage.

Experts warn that consumers should take a quick look to determine whether the QR code looks like an authentic addition to a display or appears hastily affixed on top of something. And they should also examine the website they’ve been driven to carefully, keeping an eye out for spelling, grammar, and formatting errors that may signal a fraudulent website. Add your business’ voice to this growing chorus by sharing these tips with your customers and employees.

Fraudulent QR codes can also be affixed to phishing emails sent to your customers to intercept money intended for your company. They may also be sent to your employees, sending them to websites that induce them to provide their access credentials or other sensitive information.

Addressing this risk involves ensuring that your employees and customers understand how to spot a phishing scam. If you open an email on a laptop that contains a QR code, you should automatically regard it with suspicion. Why would the sender want you to go online with another device if you’re already online?

For employees, cybersecurity awareness training is at the top of the list. And it’s not a bad idea to offer your customers guidance about this kind of scam and how you intend to use QR codes in your business practices. That way, they’ll better understand whether a marketing message with a QR code purportedly from your company is suspicious.

How You Can Protect Yourself From Fraudulent QR Codes

To keep yourself safe from QR code scams, keep the following five tips in mind:

Don’t Download Apps That Come From QR Codes

Scammers are also directing people to download fraudulent apps. These apps may trick you into handing over credit card information or contain malware. Avoid downloading any app you’re driven to from a QR code. Instead, download apps directly from the Apple or Google stores to eliminate this risk.

Check the Website the QR Code Takes You To

You also want to check the website URL you’re being driven to. If it doesn’t include the domain name of the website you expect to visit, it includes HTTP rather than HTTPS or anything else out of the ordinary.

Avoid Scanning QR Codes from Emails

As mentioned above, avoid scanning any QR codes you get from emails. There’s little legitimate reason to include one in an email. And if you see one, it’s likely a sign of a scam.

Use Caution If QR Code Asks for Login Credentials

You also shouldn’t be prompted for login credentials when you scan a QR code. And if you’re asked to log in to a website at which you have an account and use a password manager, you may have scanned a fraudulent QR code.

Avoid Making Payments on Websites Accessed Through QR Codes

Additionally, it’s best not to make payments directly on sites you’ve accessed via QR code. While it’s possible that you have been sent t a legitimate site, it’s just as possible that you’ve been redirected to a fraudulent one. Instead, close and reopen your browser and manually navigate to the business’ website. It will take a few extra seconds, but that time could save you significant financial headaches.

In sum, while they can be a great marketing tool, QR codes are vulnerable to exploitation by scammers. Businesses should limit these risks and warn their customers and employees about potential scams. And everyone should be careful about the QR codes they access to protect their financial information from falling into the wrong hands.