Call Now 888.400.5530

ITRC-logo-color-final
Search
Close this search box.

QR Code Scams Grow as Digital Barcode Popularity Rises

Date: 01/03/2024
  • Quick Response Codes, or QR codes, grew in popularity during COVID-19. Identity criminals have found ways to attack consumers with the digital barcodes.
  • QR code scams began in India and Brussels in 2020. Now, the Federal Trade Commission (FTC) is warning people in the United States about possible harmful links in QR codes that can steal your personal information.
  • The FTC reports scammers are covering up QR codes on parking meters with a QR code of their own. Identity thieves may also send QR codes in phony emails and text messages.
  • To reduce the chance of a compromise, be somewhat skeptical when using a QR code. Look for things that might seem unusual – like asking for logins, passwords or payment information. Ask an employee if you encounter something you think is odd.
  • You can also reduce your risk of falling for a QR code scam by only using the digital barcodes at trusted entities and avoiding any unexpected messages that include a QR code.
  • For more information, contact the Identity Theft Resource Center toll-free at 888.400.5530 or by live chat on the company website. Visit idtheftcenter.org to get started.

Quick Response Codes, also known as QR codes, have grown in popularity over the years. COVID-19 sped up the use, with an increasing number of businesses using QR codes for contactless encounters and transactions. However, identity criminals have caught on to the rise, which has led to QR code security threats to consumers who use them. Now, the Federal Trade Commission (FTC) is warning the public about an uptick in QR code scams.

Waitress providing menu for restaurant goer through contactless QR code

What is a QR Code? 

QR codes are digital barcodes often used for electronic tickets for travel or events, to view a restaurant’s menu or to share product information at a retailer. They are a quick way to get people to websites, promotional codes and mobile payments.

QR Code Security Threats

The convenience of QR codes comes with security risks, too. According to a report by endpoint management and security provider Ivanti, QR code usage is up. However, 83 percent of those surveyed said they used a QR code for a financial transaction in the past three months but were unaware of the risks. Only 47 percent knew scanning a QR code could open a URL, and 37 percent knew it could download an application.

 Identity criminals can exploit people’s trust in QR codes by embedding malicious software into the digital barcodes. In 2020, multiple companies predicted an increase in future QR code scams and attacks. Now, it is coming to fruition, and the FTC says scammers are hiding harmful links in QR codes to steal personal information.

QR Code Scams

There are reports of scammers covering up QR codes on parking meters with a QR code of their own. Other attackers are sending QR codes by text message or email with an enticing, but fake, reason for you to scan it. Some of the phony phishing emails and text messages claim: 1) a package could not be delivered, and you need to contact the sender to reschedule, 2) there is a problem with one of your accounts, and you need to confirm your information, and 3) there is suspicious activity on one of your accounts, and you need to change your password.

What You Can Do to Avoid a QR Code Scam

Attacks can lead to many different actions that range from inconvenient to malicious. However, there is one thing consumers can do to protect themselves from QR code scams: be skeptical.

  • Only scan codes from trusted entities. The Identity Theft Resource Center (ITRC) always tells consumers to use trusted entities when donating to a charity or shopping online because there is less risk. The same advice applies to QR codes. A trusted entity will be less likely to have a malicious QR code on a restaurant menu, plane ticket or promotional code.
  • If you see what seems to be a QR code physically pasted on top of another, ask an employee. The restaurant or retailer may have just updated their QR code, but it could also be a sign of a malicious code.
  • Before scanning the QR code, check the website address of the code. Many phones will allow you to view the web address before you scan it. If you are unsure about the website, you can safely view the site by searching it by adding a “+” sign after the URL. Look for misspellings or a switched letter in the URL. You can also ask an employee about any suspicious website addresses.
  • Do not scan a QR code in an email or text message you were not expecting. Instead, go back to the source of the message directly to verify whether or not it is a QR code scam.

Contact the ITRC

Consumers need to be aware of QR code security threats. The more people protect themselves, the harder it will be for identity thieves to succeed in QR code scams. If you want to learn more or believe you have been a victim of a QR code scam, contact the ITRC. You can speak with an expert advisor by calling 888.400.5530 or using the live chat function on the company website. Just visit www.idtheftcenter.org to get started.

This blog was published on 11/3/2020 and was updated on 1/3/2024.

How much information are you putting out there? It’s probably too much. To help you stop sharing Too Much Information, sign up for the In the Loop.

notified-ad.png

Get ID Theft News

Stay informed with alerts, newsletters, and notifications from the Identity Theft Resource Center

notified-ad.png
© Copyright 2024- Identity Theft Resource Center

This product was produced by the ITRC under 2018-V3-GX-K007, awarded by the Office for Victims of Crime, Office of Justice Programs, U.S. Department of Justice. The opinions, findings, and conclusions or recommendations expressed in product are those of the contributors and do not necessarily represent the official position or policies of the U.S. Department of Justice. View more about our copyright info here.