AUSTIN, Texas - The Better Business Bureau is warning consumers to watch out for fake QR codes.
The BBB says that in an effort to minimize physical contact in response to the COVID-19 pandemic, many companies have turned to QR codes to guide customers to their apps, menus, events or package tracking services.
However, the BBB says they are receiving reports of people using QR codes to direct people to malicious websites, prompting the user to input personal information or login credentials for the scammers to steal.
How the Scam Works
A person encounters a QR code through an email, direct message on social media, text message, flyer or other marketing material that appears legitimate. After scanning the code with their phone’s camera, it may direct them to a phishing website and request basic information to access the content.
The BBB also says that scammers can use QR codes to automatically launch payment apps or follow a malicious social media account.
In many cases, scammers sending fraudulent letters or emails include the official QR code of the organization or entity they are claiming to represent to appear more credible. The BBB says that one victim reported they had received a fraudulent letter regarding student loan consolidation.
QR codes are also a common element in cryptocurrency scams, where Bitcoin addresses are often sent via QR codes. One consumer who was contacted by a "binary and forex" trader through Instagram about an investment opportunity said, "after I had paid the withdrawal fee through the Bitcoin machine and sent it to the QR code I was provided, I received another email saying I needed to pay a cost of transfer fee. This is when I figured out that something wasn’t right."
How to Avoid QR Scams
- Confirm QR code before scanning: If you receive a QR code from a friend via text or a message on social media from a workmate, be sure to confirm with that person they meant to send you the code to verify they have not been hacked.
- Do not open links from strangers: If you receive an unsolicited message from a stranger that includes a QR code, BBB strongly recommends against scanning it. If the message along with the code promises exciting gifts or investment opportunities, exercise extreme caution if you decide to interact with it.
- Verify the source: If a QR code appears to come from a reputable source, double-check to verify its authenticity. Call or visit their official website to confirm it is legitimate and that the source is a part of the organization.
- Be wary of short links: If a shortened URL appears when scanning a QR code, there is no way of knowing where the code will direct you once the link is followed. It may be a guise for a malicious website.
- Check for tampering: Some scammers attempt to mislead consumers by altering legitimate business ads or by placing sticks on the QR code. Keep an eye out for signs of tampering and, if discovered, inform the business or entity to ensure the posted QR code is genuine.
- Install a QR scanner with added security: Some antivirus companies have QR scanner apps that check the safety of a scanned link before it is opened. These apps can assist in identifying phishing websites, forced app downloads and other dangerous links.