What are QR Codes?
QR codes provide quick access to specific websites or products (for example restaurant menus), but they can also lead to dangerous phishing schemes or infected websites.
Cybercriminals are exploiting the growing use of QR codes as a “touchless experience” during the pandemic. QR interactions have grown 94% over the last three years, with an estimated 5.3 billion QR coupon redemptions projected in 2022. In QR code fraud, the goal is almost always the same—to get you to navigate to a website where cybercriminals can steal your data, money or both. However, there are many ways to protect you from these cybercriminals.
How to Identify Threat:
Tampered QR codes trick consumers by directing them to a malicious site which is designed by the cybercriminal to look identical to the site the victim is attempting to access. Believing the site is authentic, they are then prompted to share confidential information, such as their online banking login credentials or other personal information. Malicious QR codes may also contain embedded malware, allowing criminals to also gain access to the victim’s mobile device and location. Cybercriminals have the ability to tamper with both digital and physical (printed) QR codes on display in public locations.
How to Protect against this Threat:
Consumers can protect themselves by checking that the website the QR code links to is authentic with a correctly spelled and secure URL. Physical QR codes should be highly scrutinized and checked to make sure it was not tampered with by placing a sticker on top of the original QR code, for instance. Also, consumers should be cautious of downloading QR code apps due to the risk of malware. In short, only scan QR codes you are sure are directing you to a trusted site.
Content based on an article by Wespay