QR codes have been around for over 25 years however 2020 saw an increase in usage due to the coronavirus pandemic. According to eMarketer, QR code scans nearly doubled to 25% in 2020 up from 13% the year prior as they made looking at menus, product information, services, events, and much more a lot easier as people just scanned the QR code without touching anything that could be contaminated. It is also estimated that QR code scanning will increase by more than 19% to 99.5M in 2025 from 83.4M in 2022.
Scammers have realized that QR codes have become very popular which is why they are taking advantage of the QR code technology to scam people out of money or to steal their identity.
How Do QR Scams Work
Anyone can create a QR code by using a number of free online tools. This makes QR codes easy for businesses to use but it’s also easy for scammers to take advantage of them.
To create a QR code, businesses can go to an online QR code generator and input the URL to which they want to send customers to. The QR code can take customers to concert events, restaurant menus, surveys, local government websites, coupon, or deal websites. There are no limits to what you can do with a QR code and the scammers know this which is why they are using them to exploit people.
What Happens If You Scan A Fake QR Code
You could be taken to a phishing website
Scammers create sites that look convincingly similar to what you expect, and then they ask for your sensitive information. But anything you enter including name, contact information, and credit card number goes to the scammer who will use the information to steal all your money or even worse sell your identity on the black market to other scammers who will use it to scam more innocent victims
Your device could be infected by malware
QR codes can also download malicious software onto your devices such as malware, ransomware, and trojans. These viruses can spy on you, steal your sensitive information or even encrypt your device until you pay a ransom
Latest QR Code Scams
Here are some of the latest QR code scams used by scammers to try and steal your money
Fake QR Codes Sent In Phishing Emails
Be cautious of any QR code that is sent in an email. These scams typically entail receiving an unsolicited email that contains a QR code needed to “view” a document, invoice, picture, or something else that is enticing to the recipient.
For example, scammers will often send “failed payment” emails that include a QR code. These scams also claim to come from a retailer you trust, like Amazon. The email will claim that a recent purchase of yours didn’t go through and that you need to scan the QR code to complete the transaction.
Don’t scan QR codes that are sent to you in emails. If you think an online purchase didn’t go through, log into your account directly on the company’s website instead of using a QR code.
Fake QR Codes For Surveys, Free prizes, Coupons
This can involve the scammer sending you an email that includes the QR code or they may send the offer through the post which temp you to scan the QR code to win a holiday, complete a survey, win a prize or get free coupons. If you receive an offer like this from someone you do not know asking you to scan a code be very careful as it may take to a criminal, or phishing website or try and install malware, or viruses on your device.
QR Code APP
Cybercriminals are developing QR code apps that you can download from the Google play store or Apple store for free to scan QR codes. Cybercriminals are using the free app you have downloaded to take you to the malicious or criminal website when you scan a QR code use the app. They also may try and install malware or a virus on your device via the QR code
Do not download a free QR code app to your mobile, or tablet device. We recommend you use the built-in QR code included with your phone.
Social Media and WhatsApp
Scammers are also making use of social media including Facebook, Instagram, TikTok, and more to distribute and convince people to scan QR codes online with offers of free prizes, and coupons, share this QR code, Scan here to see a great photo or video. As you can imagine scammers will come up with all types of tricks to steal your money or your identity.
If someone online you don’t know asks you to scan a QR code don’t do it. Any QR code in a social media direct message (DM) should be treated with caution
Cryptocurrency QR code scams
Scammers trick you into thinking you’re either getting in on investment or need to pay a fine using cryptocurrency. They’ll send you a QR code that opens a payment processor which enables you to convert your money to Bitcoin, Ethereum, and other cryptocurrencies.
Another common cryptocurrency QR code scam involves a fake investment opportunity. These scams often happen on social media or dating sites. Again, the scammer uses a QR code to direct victims to an official-looking site that includes information on how to send them cryptocurrency.
How To Protect Yourself from Fake QR Codes
Not all QR codes are scams and are used by legitimate businesses to provide you with easy access to information about the services they offer however with any technology there will be people who will use it to exploit people in order to steal your money or you’re personal identity.
Here are a few rules for using QR codes safely which may protect you from scammers.
Look for signs of tampering
Scammers will often replace legitimate QR codes with their own fraudulent ones. Check to see if the code is on a sticker above another one, or if there are signs it has been tampered with.
Preview the URL before following the QR code
Your phone will tell you the destination to which a QR code is trying to send you. Check the URL to see if it seems safe (or ask a member of the staff if you’re in a restaurant). If the URL is shortened and unreadable, do not recommend you click on the link
Check the destination site for signs that it’s a phishing scam
Look for signs that you’ve landed on a fraudulent website including misspelled words and typos, unprofessional design and low-resolution images, and unsecure URLs. “Secure” sites use HTTPS (not HTTP) and will display a padlock icon near their URL.