To QR or Not To QR

QR codes (i.e. Quick Response codes) have been around since the 1990’s with widespread use beginning in the early 2000’s. In recent years, the use of QR codes has surged. No matter where you go (a restaurant, an event, or viewing an advertisement) you will probably encounter a QR code. As with every piece of technology, there comes the need to understand the risks involved.

“In 2021, 75.8 million smartphone users in the United States scanned a QR code on their mobile devices, up by 15.3 percent compared to 2020.” QR code usage is projected to grow by over 30% by the year 2025, with over 99 million users scanning QR codes. ¹

It seems like more people are using them than ever before, so what risk is there with a tiny little square?

Cybercriminals are using fraudulent QR codes to collect personal and financial information. Personal information can range from login credentials to mailing addresses whereas financial information can range from credit cards to bank account numbers! For example, the city of Austin, TX experienced a QR scam where people scanned QR codes placed on parking meters and paid for their parking (or so they thought) on a fraudulent website. ²

What can you do to help avoid being a victim of a fraudulent QR code? While there is no fool-proof way to avoid this, there are a few things you can do to help spot a fraudulent QR code.

1. Consider the Source: If you’re at a restaurant, make sure that the server is the one directing you towards their QR code. Regardless of where you’re accessing the code, don’t make an assumption.
2. Use Your Best Judgement: No one around to verify authenticity? Does the QR code look like it belongs to the original work? If not, it could be fraudulent. Be wary of stickers posted on top of original posters or flyers.
3. Question Requests for Personal Information: Does the link the QR code take you to immediately ask for personal information? While this may be the intent of some QR codes, be vigilant to ensure it’s not fraudulent.
4. Review for Accuracy: Many smartphone cameras now show a preview of the link that you intend to follow. Simply review the link to ensure that it appears legitimate and matches what you expect to be seeing. Misspellings or unfamiliar variations of the website URL would be clear signs to forgo following the link.
5. Do Not Scan from Email: Many scammers will include QR codes within emails. This is a red flag; do not scan! From an email, a link should be sufficient to direct you to a website, however, QR codes often bypass security software.
6. Use a Password Manager: This one sounds counterintuitive. But consider this: if a fraudulent QR code brings you to a seemingly legitimate website, you may unintentionally enter in a username and password which then compromises your login credentials. However, using a password manager will add a layer of protection in, simply because the fraudulent URL will not match your login credentials.

• Password Manager Credentials:
  • Username: kellygirl
    • Password: panthers2-21^
    • Website: justwildcats.com
• Credentials from Memory
  • Username: kellygirl
    • Password: panthers2-21^
    • Fraudulent Website: justwildacts.com

Did you spot the variance? Something very small can make a huge difference. The password manager will know not to fill in the login credentials because the website does not match what you have saved.

Fraudulent QR codes is one more evidence of how cybercriminals are looking for lucrative opportunities to capitalize on a new technology. Using the tips above will help you avoid accessing fraudulent websites via QR codes. We’re here to help you know what to look for and provide you with tools to help protect yourself.

If you haven’t subscribed to IDSeal, don’t wait another day! IDSeal includes identity theft and device protection features that help to protect you from the schemes of thieves and cybercriminals. Click here to get started with the industry’s leading identity theft and device protection plans.

¹ Source: https://www.statista.com/statistics/1297768/us-smartphone-users-qr-scanner/#statisticContainer

It is not possible to prevent all identity theft or cybercrime, or to effectively monitor all activity on the internet. IDSeal cannot and does not guarantee complete protection against cybercrime or identity theft. IDSeal does not monitor the activities of all financial institutions, or all activities of any particular financial institution.

IDSeal Pro-Tec provides tools and resources to protect your data and identity, but no one can prevent all cybercrime or identity theft. Your own efforts are important to prevent unauthorized access to your personal information.