ROCHESTER, N.Y. (WROC) — During the COVID pandemic, many people opted for touchless ways to access information. QR codes, around for some time, were one of those methods. QR codes are those little black and white squares that you scan with your phone, and they then take you to a webpage.
“So, QR codes are computer-generated, they’re like a bar code on a product, you can scan it and it opens a website,” says Melanie McGovern with the Better Business Bureau.
McGovern says a new scam is out there involving QR codes. Some of these codes take you to phishing websites prompting you to put in your personal information, which is then stolen by bad actors. McGovern says to watch for malware.
“They could be putting something in your phone that’s tracking or going into your apps, things like that,” she says.
She also says con artists are using QR codes to launch payment apps or to follow malicious social media accounts. McGovern says the bad guys are hoping you don’t take a closer look before you scan.
“And if one looks like it’s been tampered with or like a sticker was put over it, definitely don’t scan it,” she says.
In addition, Bitcoin addresses are often sent via QR codes, which makes QR codes a common element in cryptocurrency scams. One consumer who was contacted by a “binary and forex trader” through Instagram about an investment opportunity said, “after I had paid the withdrawal fee through the Bitcoin machine and sent it to the QR code I was provided, I received another email saying I needed to pay a Cost of Transfer fee. This is when I figured out that something wasn’t right,” McGovern says.
Better Business Bureau has the following tips to avoid QR scams
- If someone you know sends you a QR code, also confirm before scanning it. Whether you receive a text message from a friend or a message on social media from your workmate, contact that person directly before you scan the QR code to make sure they haven’t been hacked.
- Don’t open links from strangers. If you receive an unsolicited message from a stranger, don’t scan the QR code, even if they promise you exciting gifts or investment opportunities.
- Verify the source. If a QR code appears to come from a reputable source, it’s wise to double-check. If the correspondence appears to come from a government agency, call or visit their official website to confirm.
- Be wary of short links. If a URL-shortened link appears when you scan a QR code, understand that you can’t know where the code is directing you. It could be hiding a malicious URL.
- Watch out for advertising materials that have been tampered with. Some scammers attempt to mislead consumers by altering legitimate business ads by placing stickers or QR codes. Keep an eye out for signs of tampering.
- Install a QR scanner with added security. Some antivirus companies have QR scanner apps that check the safety of a scanned link before you open it. They can identify phishing scams, forced app downloads, and other dangerous links.
McGovern says these codes are here for the long haul. They’re convenient to use, just be smarter than the con artists.
“It’s the way of the future and unfortunately, scammers always seem one step ahead of us,” she says.