In the intense arena of Formula 1 racing, every millisecond counts – not just on the track but also in protecting the valuable data that drives
A Quick Response (QR) code is made up of black and white pixels, designed for someone to scan with their camera to access links, contact information and more. Some common QR code scams you should be aware of include QR codes on parking meters, unexpected package deliveries, phishing emails, restaurant menus or unsolicited text messages. One study in October 2023 found that 22% of worldwide phishing attacks used QR codes to spread malware. While QR codes have made it easier for people to scan and go, QR code scams have also been increasing in recent years.
Keep reading to learn more about the most common QR code scams and how you can stay safe from these scams.
How QR code scams work
Scammers create QR codes with ill intentions by embedding a disguised, illegitimate URL. When someone scans the QR code, they are taken to a malicious website where they are tricked into entering sensitive information that is sent to the scammer. Some malicious links immediately start installing malware onto a device just by being navigated to.
5 of the most common QR code scams
If you’ve ever walked down a busy street or stepped into a modern small business, you’ve realized that QR codes appear in popular locations. Let’s take a look at five of the most common types of QR code scams you could encounter if you’re not cautious.
1. Parking meter QR code scam
Imagine you go out to meet up with your friends and a downtown parking lot requires you to pay for parking. Luckily, they offer the convenience of paying by scanning a QR code. Since you’re in a rush, you scan the code, enter your credit card information and leave to find your friends. However, scammers anticipate people choosing to scan a QR code to pay for parking fees rather than inserting their credit card or cash into machines, so they have covered legitimate QR codes on parking machines with manipulated versions to steal your private information and money.
You can tell if you’ve been a victim of this kind of QR code scam if you see charges from unrelated businesses on your credit card. At this point, you should realize that the QR code you scanned to pay for parking was fake and that your credit card information has now been compromised. Rather than scanning QR codes to pay for parking, it is safer to use your credit card to pay at the machine or meter directly.
2. QR code in an unexpected package delivery
Sometimes, when you order a package or gift from a small business, there may be a QR code for you to scan to learn more about their shop or to leave a review. However, QR codes in packages could be part of a scam if you didn’t order the package to begin with. A recent scam involves a person receiving an unexpected package and, after opening it, discovering a QR code to scan in order to return the package. The scammer anticipates the recipient will scan this QR code to return the package since they didn’t order anything. By scanning this QR code, the recipient will instead be taken to a website that collects their sensitive information, such as phone numbers, email addresses, credit card numbers and home addresses.
When you receive a package that contains a QR code, do not click on the link after scanning it if the preview looks illegitimate. You should also not enter any personal information on the link, especially if it seems suspicious.
3. QR code included in phishing emails
Phishing emails often contain unsolicited links or attachments, but some emails also contain QR codes as part of the scam. Phishing emails typically lure victims into sharing private information, like login credentials or credit card numbers, by impersonating legitimate companies or people the victim knows. For example, you may receive an email from your supposed boss or someone in your workplace that asks for you to scan the QR code to enter your updated contact information. However, you should not enter any information from QR codes in emails. Instead, contact whoever sent you the email directly to confirm that the QR code is legitimate.
4. QR code in a restaurant
You may have sat down to eat at a new restaurant, and the waiter points to the QR code on your table rather than handing you a menu. Although this may be a convenient way for restaurants to avoid cleaning physical menus, QR codes in restaurants could be part of a scam. QR codes in place of menus could easily be replaced with malicious links from scammers wanting to collect customer information while they dine. If a restaurant has a QR code printed out on each table, it is easy for a scammer to print out their own QR code and paste it on top of the legitimate code. Ask for a physical menu instead, or go straight to the restaurant’s website to look at the menu.
5. Unsolicited messages with QR codes
You can receive QR codes in more traditional phishing attacks, such as over email. For example, you could receive a message from UPS claiming that your package was undeliverable and that you need to scan the QR code to reschedule your delivery. In another instance, you may receive an email pretending to be from a website where you have an online account, claiming it found suspicious activity and that you need to scan the QR code to change your password.
Tips to stay safe from QR code scams
Although QR code scams can be difficult to detect sometimes, there are several easy ways to protect yourself and avoid future scams.
Before scanning a QR code, ensure it hasn’t been tampered with
If you’re about to scan a QR code, make sure you check that it hasn’t been tampered with before scanning it. You can do this by looking underneath the QR code if it is a sticker to make sure it isn’t covering another QR code. If you see that a QR code has bumps or peeled edges, this may be more than just wear and tear – it could actually be a scam.
Double-check the QR code preview link
When you scan a QR code, always check that the preview of the URL will direct you to the correct place. For example, in a restaurant, you would expect a QR code to direct you to the restaurant’s website or menu. Make sure a QR code in a restaurant does not take you to an unrelated website, as this could be a sign that the QR code is illegitimate.
Protect your online accounts
Keeping your online accounts protected with strong passwords and Multi-Factor Authentication (MFA) can protect you from QR code scams. Using a password composed of at least 16 characters, including a variety of uppercase and lowercase letters, numbers and symbols, for each of your accounts, is considered strong and a cybersecurity best practice. Another way to protect your online accounts is by enabling MFA, which gives your accounts an extra layer of security by requiring additional proof of identity beyond a username and password. If you fall for a QR code scam and enter your username and password into a website but have MFA enabled, a scammer will not be able to access your account even if they know your username and password.
Keep your phone’s software up to date
Your phone must have the latest software updates installed because they contain bug fixes, new security features and overall improvements to your phone’s performance. This can keep you safe from QR code scams because a recent software update might be able to tell you if a website from a QR code is dangerous. Without keeping your phone up to date, you might risk clicking on an unsafe link that goes undetected because your phone does not have the latest security features.
Avoid scanning malicious QR codes
Despite how common QR codes are and how often you rely on them, you should also be skeptical of how safe they are. Now that you know some of the most common QR code scams, remember our tips to stay safe, including being cautious of the URL linked to the code and having a strong password for each of your accounts. You can create and store your passwords securely using Keeper Password Manager.
Start a free 30-day trial of Keeper Password Manager today to protect yourself from falling victim to QR code scams.