A few weeks ago, I wrote a TechTips article on the growing popularity of using QR codes in your marketing. It seems like QR codes are everywhere. Restaurants use them to allow you to download menus. You see them in print articles and publications, sending you to a particular website or webpage.
They are becoming quite helpful. And cybercriminals are paying attention.
A couple of recent articles have highlighted the potential danger of scanning a QR code without thinking about security and the potential for scammers to use those codes to steal information.
I recommend you read both these articles, as well as the FBI announcement.
- How QR codes work—and what makes them dangerous [Fast Company]
- Beware of QR Code Scams [Wall Street Journal] (behind a paywall but free with this link)
In January, the FBI released a public service announcement highlighting how cybercriminals are tampering with QR codes and providing some suggestions for how you can protect yourself.
To recap, here is the list of steps the FBI recommends you take to protect yourself from QR code scams:
- Once you scan a QR code, check the URL to ensure it is the intended site and looks authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
- When entering login, personal, or financial information on a site navigated from a QR code, practice caution.
- If scanning a physical QR code, ensure the code has not been tampered with, such as with a sticker placed on top of the original code.
- Do not download an app from a QR code. Use your phone’s app store for a safer download.
- If you receive an email stating a payment failed from a company you recently made a purchase with and the company says you can only complete the payment through a QR code, call the company to verify. Locate the company’s phone number through a trusted site rather than a number provided in the email.
- Do not download a QR code scanner app. This increases your risk of downloading malware onto your device. Most phones have a built-in scanner through the camera app.
- If you receive a QR code that you believe to be from someone you know, reach out to them through a known number or address to verify that the code is from them.
- Avoid making payments through a site navigated from a QR code. Instead, manually enter a known and trusted URL to complete the payment.
If you believe you’ve been a victim of a QR code scam, report the fraud to your local FBI field office at www.fbi.gov/contact-us/field-offices. The FBI also encourages victims to report fraudulent or suspicious activities to the FBI Internet Crime Complaint Center at www.ic3.gov.
QR codes are a great tool that can help take some friction out of prospects and help customers quickly get the information they want. And, like many other things, a bit of caution is advised.