Quick Response codes, better known as QR codes, are those blotchy squares that look like a barcode that had a rough night out. Similar in function, they serve as a quick way for people to scan them with their camera to access a web link.
It is impossible to tell where the link will take you once scanned with no text on them. And it is this uncertainty that cybercriminals and hackers are banking on. Many curious users might scan it and follow the shortcut, but it can be super dangerous.
There has been an increase over the last few months of QR codes pointing users towards fraudulent content or fake websites. These almost always have criminal intent. Here is what you need to look out for and how to stay safe.
Here’s the backstory
The Better Business Bureau (BBB) has issued a warning for people to be cautious when interacting or scanning QR codes — especially if it isn’t clear who made it or where it will take you.
Many businesses and companies use these codes to direct customers to their apps, online menus or specific products. But criminals have also been using them to trick people into visiting fraudulent websites.
The codes are easily distributed and reprinted and can be found almost anywhere. From showing up in magazines to being uploaded to social media, all you need to do is point your camera at the code to get the data.
How to avoid scam QR codes
Once a code is scanned, a popup will appear with confirmation that you want to follow the link. It might display the full domain and URL, but hackers can easily spoof this. Many of the nefarious codes will take you to fake or phishing sites and require your personal details to continue.
As the codes are easy to program online, the BBB warns that cybercriminals can configure them to automatically launch payment applications or cause you to follow malicious social media accounts.
BBB offers the following advice to avoid QR code scams:
- If someone you know sends you a QR code, confirm before scanning it. Whether you receive a text message from a friend or a message on social media from your workmate, contact that person directly before you scan the QR code to make sure they haven’t been hacked.
- Don’t open links from strangers. If you receive an unsolicited message from a stranger, don’t scan the QR code, even if they promise you exciting gifts or investment opportunities.
- Verify the source. If a QR code appears to come from a reputable source, it’s wise to double check. If the correspondence appears to come from a government agency, call or visit their official website to confirm.
- Be wary of short links. If a URL-shortened link appears when you scan a QR code, understand that you can’t know where the code is directing you. It could be hiding a malicious URL.
- Watch out for advertising materials that have been tampered with. Some scammers attempt to mislead consumers by altering legitimate business ads by placing stickers or the QR code. Keep an eye out for signs of tampering.
- Install a QR scanner with added security. Some antivirus companies have QR scanner apps that check the safety of a scanned link before you open it. They can identify phishing scams, forced app downloads, and other dangerous links.
Also, if you’re worried about malicious QR codes, you should have trustworthy antivirus software installed on all of your devices. We recommend our sponsor, TotalAV.
With TotalAV, you get so much more than antivirus protection. It’s the full package: A security suite that protects your computer and smartphone from today’s threats.