QR codes are a popular way to share information at a glance. You can quickly access a webpage by pointing your phone’s camera at a QR code and opening the pop-up box. However, scammers have decided to ruin a useful technological advancement by hiding malicious scams as QR codes. Read on to find out what you need to know regarding these insidious criminal schemes.
“Anytime new technology comes out, cybercriminals try to find a way to exploit it,” says F5 app security vice president Angel Grant. “It’s easier to manipulate people if they don’t understand it.” A notable recent example of this scam took place in Austin, Texas.
Austin recently rolled out a QR code initiative that allows motorists to pay for parking by scanning official codes at marked spaces. Some scammers covered the official stickers with their own scam codes, which redirected motorists to a phishing site. While victims thought they were paying their parking fees, instead they were giving criminals their money. Making matters worse, the victims also received parking tickets for failing to pay the city.
A QR code is a black-and-white image that imparts information to a computer. You can use your cell phone to scan a QR code, which allows your phone to access a lot of information in the blink of an eye. The most common use case for this technology is to shortcut your way to a webpage without typing out a full URL.
QR is short for “quick response.” The codes are also older than you might think. They were invented in the 1990s and were first used in Japanese manufacturing plants. They’ve grown in popularity in recent years thanks to their convenience—and thanks to widespread adoption by smartphone manufacturers.
Scanning a malicious QR code won’t download malware to your phone or compromise your system. Criminals can’t create any image that advanced. Instead, the scams are a new twist on an old scheme. Malicious QR codes redirect users to false web pages that ask for personal information like passwords and bank account numbers.
These are called phishing scams, and they’re nothing special. However, users still need to watch out for them. When you follow a QR code, make sure the URL in the address bar looks authentic. If you’re logging into your Amazon account, for instance, make sure the address bar says “Amazon.” If the URL looks fishy, it could be a scam webpage.