Quick Response codes, or QR codes, have been around since 1994, but they have become much more popular in recent years and can commonly be found on parking meters, in restaurants and in advertising. When you scan a QR code with your phone, it will take you to a website. Unfortunately, as the popularity of QR codes has increased with the public, it has also increased with scammers, who are setting up phony QR codes to lure you to their bogus websites, where they solicit personal information used for identity theft or persuade you to make a payment with a credit card. In some instances, merely by scanning the phony QR code, you will download harmful malware such as ransomware or even malware that will enable the scammer to take over your email account. I have written about QR code scams called “quishing” since 2021.
The FBI warned about a dramatic increase in QR code scams in 2022 and the problem is only getting worse.
The most common places where you will find phony QR codes are on parking meters, where the phony QR code is put on as a sticker over the legitimate QR code, in restaurants, in phishing emails, on social media posts or on unordered packages delivered to your home. Now, however, scammers are using QR codes to scam you in a new way. The new QR code scam starts with an email that appears to come from a company with which you do business, informing you that you need to update your account or your account will be closed. In order to update your account, you are instructed to scan the QR code in the email, which takes you to a website that looks like the real website of the company the scammer is posing as and asks you to input your username and password. People falling for this scam end up giving the scammer access to their account.
As I often say, “trust me, you can’t trust anyone.” If you receive such an email the first thing you should do is check the email address of the sender. If it doesn’t appear legitimate or does not appear to have a relation to the company it purports to be from, you can be confident that it is a scam. However, in many instances the email address may look legitimate even though it is not. In that case, you still shouldn’t trust the QR code, but rather should contact the company at a phone number or website that you have confirmed is legitimate to confirm that you don’t have to update your account.
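For readers who run a mail filter or help desk, the sender and link checks described above can be automated. The following is an added example, not part of the original post; it assumes the QR code has already been decoded to a URL, and `example.com`, the sample messages and the function names are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

def host_matches(host, trusted):
    """True if host is a trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def check_message(from_header, qr_url, trusted):
    """Return reasons to distrust the message.

    An empty list only means no mismatch was found; a sender address can
    look legitimate and still be forged, so it never proves the mail is real.
    """
    reasons = []
    _, addr = parseaddr(from_header)
    sender_domain = addr.rpartition("@")[2]
    if not sender_domain or not host_matches(sender_domain, trusted):
        reasons.append("sender-domain")

    parts = urlsplit(qr_url)
    if parts.scheme.lower() != "https":
        reasons.append("not-https")
    # "https://example.com@other.test/" really goes to other.test.
    if parts.username is not None:
        reasons.append("userinfo-in-url")
    # The company name as a left-hand label does not make the host trusted.
    if not parts.hostname or not host_matches(parts.hostname, trusted):
        reasons.append("link-domain")
    return reasons

# Constructed samples; example.com stands in for the real company's domain.
TRUSTED = {"example.com"}
SAMPLES = [
    ("Example Co <support@example.com>", "https://login.example.com/update"),
    ("Example Co <support@example.com>", "https://example.com.account-update.test/login"),
    ("Example Co <support@example.com>", "https://example.com@account-update.test/"),
    ("Example Co <billing@example-accounts.test>", "http://example.com/update"),
]

if __name__ == "__main__":
    for sender, url in SAMPLES:
        print(url, "->", check_message(sender, url, TRUSTED) or "no mismatch found")
```

The second and third samples pass the sender check and fail only on the link, which is the case the paragraph above describes: a legitimate-looking address is not a reason to trust the QR code.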
This scam also points out the importance of using dual-factor authentication on all of your accounts because even if someone manages to steal your username and password, they will not be able to access your account.
Finally, there are companies like Kaspersky that have free QR code scanner apps that will not only scan the QR code, but also let you know if it is legitimate and prevent the downloading of malware from bogus QR codes. Here is a link to Kaspersky’s QR code scanner: https://www.kaspersky.com/qr-scanner