Watch out for QR code scams being sent through email

Scan a QR code and you can get information such as recipes, menus, website links and links to download apps, coupons and more. Quick Response (QR) codes were created to track automotive parts, but they’re everywhere now.

There are many third-party QR scanning apps, but you don’t even need one. Your iOS or Android phone’s camera can scan QR codes without the need for any additional software. Tap or click here for our detailed instructions.

While convenient and entertaining, scanning a QR code can expose you to malware and scams. Crooks use QR codes to steal credit card details and other sensitive information. Here’s what you need to know.

Here’s the backstory

Cybersecurity researchers at HP have been following a Chinese-language phishing campaign distributed through Office documents sent through email. The documents contain no malicious code — just some text and a QR code.

The senders pose as the Chinese Ministry of Finance and similar institutions, informing recipients they are entitled to a government grant. Of course, they’re advised to act quickly (a common tactic wielded by many scammers).

The document contains bits of information to make it seem more legitimate, such as copyrights and security notices. Recipients are told to scan the QR code using WeChat, a popular social media app that offers payment options and messaging.

Scanning the code leads to a webpage containing the same information as the Word document from the email. There’s a button to get the “grant application” started. There’s also a request for payment card information.

The unsuspecting victim enters their bank card number, and that’s it, right? No, it doesn’t end there. The crooks ask for more information, such as credit balance and limit, which they’ll likely use to get around fraud detection. But no matter what they use it for, the more information they have, the more damage they can do.

Just because this scam is making the rounds in China doesn’t mean scammers can’t do the same thing here. There’s no language barrier when it comes to crime.

RELATED: Watch out! These QR code scams are tough to spot

HP has been tracking these campaigns since the end of October and says they are being distributed in high volumes. The messages are structured in a way that makes it easy for attackers to change the theme and lures as they see fit.

Continue reading

Scam Alert: Robocalls trick victims with fake COVID-19 tests

As the omicron variant of COVID-19 continues its spread across the country, the number of infections is increasing. Naturally, that leads to more people wanting to be tested.

Testing is available at a number of health facilities and pharmacy chains, and you can even opt to buy testing kits that can be shipped to your home. Have you purchased an at-home test? Tap or click here for details on millions that have been recalled.

Continue reading

Witch parking – All others will be toad: Scammers are leaving fake parking tickets on windshields. They look like the real deal but have a bogus payment website at the bottom ready and waiting for your credit card details. Always go directly to your city’s or town’s website to pay a parking ticket.

Data breach alert: 3 million customer credit card details exposed

With indoor dining still unavailable in many parts of the country, it makes perfect sense to get dinner to go. But if you’re making a stop at a restaurant, you might want to think twice about using your credit or debit card — because hackers are on the move.

Continue reading

2,000 online stores at risk after attack - How to shop safely

It’s bad enough when an online platform like a social network or game gets hacked. But when an online store — and all of its customers’ payment information — finds its way into hackers’ hands, you have an absolute disaster in the making.

Continue reading