Unless you are one of the lucky few who lives digitally disconnected, you have more than likely seen, used, and taken advantage of a QR code at some point in the last two years. These square smartphone scannable bar codes have been around for years, but the pandemic boosted their popularity from slight novelty to nearly essential.
The codes are highly convenient for businesses and consumers alike, allowing everything from easily accessible information to contactless menus at your favorite restaurants. While they have streamlined life in many valuable ways, QR codes have also opened another door for criminals to scam unsuspecting people out of personal information that can be used to commit fraud.
Quick Response History Lesson
QR stands for Quick Response, and although the codes seem modern, they have been around for a while. The now well-known black and white box was first released in 1994 by the Japanese company Denso Wave to track vehicles during the manufacturing process. The codes increased in popularity over the next several decades as they proved more effective than traditional bar codes while also holding more potential uses. The pandemic saw QR codes become mainstream, in large part due to the contactless convenience they offered for people and purposes all over the world.
The data held within a QR code was initially intended to track and identify products to help businesses keep tabs on inventory or the manufacturing process. Today, the codes typically point people to a website or app once the QR code is scanned by a smartphone. Their use is widespread, and scannable codes are now seemingly just about everywhere.
Human Nature and Criminal Intent
If you have ever used a QR code, you know how convenient they are. Whether you want to pay for parking on a busy city street, use your phone as a digital boarding pass for a flight, pull up a lunch menu at your favorite restaurant, or get the trail map for a hike, the codes allow you to do it all in seconds. The ease in which QR codes can be used is why they have gained so much traction.
We all like to follow the path of least resistance, and it is human nature to inherently trust and enjoy the things that make our lives easier. Basic psychology shows that we become comfortable with the familiar. With QR codes becoming much more commonplace over the last few years, most people now use them and don’t think twice about scanning even a random code using their phones.
But having blind trust in digital conveniences, be that QR codes or any other tool/mechanism, also plays right into the hands of cybercriminals. The lack of caution is a feeding ground for criminal intent, and unsuspecting victims don’t even know that there is a risk. It’s not always so much about letting your guard down as it is not knowing that you need to have it up in the first place.
QR Scams and Superbowl Ads
The rise in the popularity of QR codes over the last few years has directly correlated to an increase of related scams. Bad actors have tons of incentive to invent new schemes, and when one is even just a bit effective, then you can count on it becoming more prevalent.
There are a few common ways that a QR scam can play out. Fake or imposter codes are common, and criminals can alter or replace an authentic code to trick victims. Examples include fake parking meter QR code stickers or codes appearing in a phishing email. The codes look real, and technically they are, but they send victims to a phony website or to a fake app to harvest personal information. Once you put credit card or other information into the website reached by the bogus link, fraud is the likely outcome. Other scam QR codes can contain malware and dangerous code that can potentially infect your device and lead to identity fraud issues down the road.
QR code issues aren’t always associated with criminals, as shown by a recent Super Bowl ad from the cryptocurrency exchange platform Coinbase. This ad featured a QR code that bounced on the television screen in an attention-grabbing fashion that television viewers could scan directly from their couches during the big game. So many people did this that the website crashed, which is not what you want to see from a company that is asking you to invest.
What to Watch Out For
General the need to have a health cybersecurity awareness applies to QR code scams, just as it does to the growing number of cyber threats that we all face daily. The best advice is for you to treat every QR code that you see as being potentially suspect. Don’t blindly trust a code, and instead assess each one on a case-by-case basis.
If you receive an unsolicited email with a QR code, it’s most likely a scam. There really isn’t a reason to send a code via email except to defraud you. If you see a crooked QR sticker on a parking meter or next to an ATM, don’t scan it. If you do scan a code, always be cautious of sending personal information through the directed link. Make sure the website is authentic and secure and that you land at the actual website the code was supposed to lead you to.
QR codes have become such a problem that the FBI issued a public service announcement about this issue near the beginning of the year. This announcement provided several good tips on reducing the risk of falling victim to a QR code scam. Some of the best advice includes the following tips:
- Never download an app from a QR code – use the app store on your phone instead
- Always check the URL to make sure that it is authentic after you scan a QR code – typos or an unsecured site are red flags
- Don’t download a QR scanner app, as these can be faked – use the scanner included on your phone instead
- Never make payments of any kind through a QR code, and be wary if you are asked to do so
LibertyID provides expert, full service, fully managed identity theft restoration to individuals, couples, extended families* and businesses. LibertyID has a 100% success rate in resolving all forms of identity fraud on behalf of our subscribers.
*LibertyID defines an extended family as: you, your spouse/partner, your parents and parents-in-law, and your children under the age of 25.