Yes, QR Codes can be faked. As QR Codes have gained popularity during the COVID-19 pandemic for contactless payments and adverts, scammers have gone rampant with QR Code frauds. In fact, the FBI issued an official warning in January 2022 against malicious QR Codes being used to commit online scams.
Scammers tamper with QR Codes to steal financial information, commit cryptocurrency frauds, and download malware onto the users’ devices. What would generally be a safe QR Code is now a medium to commit fraud by cybercriminals.
So, how do you check the reliability of a QR Code? How do you spot a fake QR Code to steer clear of any frauds, and what do you do if you’ve already scanned one?
Find out all this and more in this article. So, let’s get started.
How Secure Are QR Codes?
With the overwhelming amount of data supporting the use of fake QR Codes to commit cybercrimes, you’d be wondering if QR Codes are secure to scan. While QR Codes themselves do not pose a risk to security, the data embedded in them do. Like any other thing on the internet (fake URLs, fake emails, fake profiles), cybercriminals can use QR Codes to steal your data. Since humans cannot read QR Codes, they’ve become an effective medium for phishing attacks and malware transmitters without being recognized.
To keep yourself from scanning a fake QR Code and landing in an undesirable situation, head on to the next section and find out how scamsters exploit QR Codes to steal from unsuspecting victims.
How Do QR Code Scams Work?
QR Codes respond by triggering specific URLs, phone calls, or photos when scanned. QR Code frauds happen when malevolent scammers tamper with the physical or digital QR Codes. There are various ways they carry this out, such as placing a malicious QR sticker over the genuine QR Codes in restaurants and on the parking meters, altering the digital QR Codes, or sending fake QR Codes through emails and social media.
Scanning fake QR Codes send victims to a malicious URL where they’re made to enter sensitive information or directly download malware on their device and hijack it. In turn, victims lose large sums of money.
To help you steer clear of any such frauds, we’ve compiled a list of the latest QR scams that are currently pervasive. But before that, learn the things you must know before scanning a QR Code.
6 Things You Must Know Before Scanning A QR Code
QR Codes have become a common sight. An average of 45% of shoppers in the US had scanned a QR Code within three months of a survey conducted by Statista.
And, because you’re likely to come across a QR Code that you’d want to scan, it’s only wise to know when you shouldn’t be scanning one to keep yourself from getting scammed. Here are 6 things to keep in mind when you come across a QR Code:
- QR Code from an unknown source
If you’ve received a QR Code from an unknown profile that you do not recognize, do not scan it. Even if you’re sent the code through a friend, call them to confirm where they received it.
- QR Code stickers
Before scanning a QR Code, check to see if it’s a sticker. Never scan a QR Code that’s pasted as a sticker over an original QR Code.
- Scanning through a third-party app
Most Android and iPhones have built-in QR readers in their cameras. You do not require a particular app to scan a QR Code. So, avoid downloading any QR readers because they’ll most likely trick you into sharing personal data.
- Downloading an app through a QR Code
Never download an app through a link provided in QR Code. Instead, download the app directly through the App Store.
- Scanning QR Codes from an email
If you receive a promotion in an email that requires a QR Code scan and feels too good to be true, it probably is. Crooks send such emails to trick you into revealing sensitive information.
- Fishy QR Codes
Consider the setting in which you’re presented with a QR Code. Does it make sense for a QR Code to be used in that particular situation? For example, a large bright-colored QR Code with no additional information on a train station doesn’t make sense. Avoid QR Codes in such cases.
Now, let’s move on to the prevalent QR Code scan you should be cautious about.
7 Latest QR Code Scams That You Should Be Aware Of
There are numerous creative ways to utilize a QR Code, resulting in their rising popularity in several marketing campaigns. Unfortunately, it has also opened the gateway for cybercrimes by some crooks. This makes the danger lurking behind QR Codes inevitable. Here are some examples of how cybercriminals use fake QR Codes to trick you.
- Fake QR Codes In Emails
We’ve all heard of phishing attacks. Phishing is the practice where an internet user is tricked into revealing their credentials through a deceptive email by someone who claims to be well-known. Earlier, phishing attacks happened through spammy URLs in the email, but in recent times, QR Codes have been made part of the malicious attacks and are better known as ‘quishing.’
Contact the store if you’ve recently purchased an item and receive the store’s email containing a QR Code and claiming your payment was unsuccessful. Do not use the contact information provided in the email; instead, go to the official website for the contact info. The FBI has warned that these emails are part of fake QR Code scams.
- Fake QR Codes In The Mail
Spammy QR Codes do not only occur in emails; they can land in your mails as well on brochures and flyers. It’s best not to scan a QR Code in such a case. An unexpected email should always make you suspicious of scanning the codes.
The scammers print fake QR Codes on brochures for legitimate businesses. They also sometimes put a sticker on the original QR Code. Always beware of scanning the sticker QR Codes.
- QR Codes Sent Over Social Media
QR Codes sent over social media that claim to offer great promotions are a thing to be wary of. Scammers put up QR Codes on social media claiming that the scan offers money or too good to be true rewards. Users often fall for these fake QR Codes and end up losing money instead of gaining any.
- Cryptocurrency QR Code
Scammers hoax customers into downloading cryptocurrency apps through fake QR Codes. They affirm the victim that they’d get rewards when in reality, it’s just an approval token to the user’s crypto wallet. The scam results in the users losing significant funds.
Another form of QR Code scam that has come into sight is related to the bitcoin QR Code generator. When searching for a ‘Bitcoin QR Code generator’ on google, a staggering 4/5 of the search results lead to scam websites. If a user tries to generate a QR Code for their wallet, it creates QR Code for the scammer’s wallet instead. Thus, all the resultant payments direct toward the scammer’s wallet. Forbes states:
“Researchers calculated that some $20,000 had recently been lost to QR Code scams, calling their findings “just the tip of the iceberg,” as thieves likely regularly change their bitcoin and crypto addresses to avoid detection and blacklisting.”
- Fake QR Readers That Install Malware
QR Code scanner apps do not serve any purpose as most Android, and iPhone devices come with scanners native to the camera. FBI has issued a warning against QR Code readers, stating they download malware into the smartphone.
Kim Komando shares one such QR scanner app scam on their website, where banking trojans wreak havoc with the victims’ finances.
- Fake QR Codes In Contactless Payments
The advent of COVID-19 led to most payments being made contactless, and the payment mode mostly shifted to QR Code scanning. Scammers have taken this opportunity to conduct frauds and steal money.
The cities in Texas have seen incidences where scammers used fake QR Code stickers on the parking meters to divert the parking payments to themselves. However, parking places were not the only targets of these fraudsters. The fake QR payments are appearing on billboards and online ads as well.
- Fake QR Codes For Receiving Money
Fraudsters use fake QR Codes to collect money. For example, they’d send a QR Code over WhatsApp, claiming that you’d receive an ‘x’ amount of money in your account by scanning this code. Where in fact, this QR Code is a UPI (Unified Payment Interface) payment collection request, and scanning and filling out your PIN will give away your information to the scammers. Remember that QR Codes are only used to make payments and not receive payments.
What Happens If You Scan A Fake QR Code?
Here are the 3 things that happen once you scan a fake QR Code:
- They’ll lead you to a spammy and fake website that’ll ask you for your personal data.
- They’ll fetch your banking information and logins.
- Send you a fake UPI request
How To Spot A Fake QR Code?
QR Codes aren’t designed for the human eyes to read, and that’s exactly what these crooks have cashed on. While there isn’t a way for you to read a QR Code, there indeed is a technique to spot the legit from the fake ones. Here are a few good tips to spot fake QR Codes.
- Look for tampered QR Codes: see if QR Code looks distorted and different from a standard QR. Check if it’s a QR Code sticker.
- Check the redirecting link: scan QR Code through your phone camera and check the link it’s directing toward. If the link looks fishy and spammy, leave it.
- Do not open QR Codes in the emails: unless you know the sender is a legitimate business, avoid QR Codes received through emails.
What To Do If You’ve Entered Sensitive Information Into A Fake QR Code?
If a scam has played you, the best response is to call your bank’s hotline, temporarily block your account, and report the fraud. If you’ve transferred money to a fraudster, report the incident to your local police. Another thing you should immediately do is change all of your account passwords.
5 Ways To Protect Yourself From QR Code Scams And Frauds
- Install an Antivirus: Your phones need virus protection like your PCs and laptops. They can protect your phone against a malicious attack from a fake QR Code or spammy URL.
- Use a password manager: Fake QR Codes leading to websites that require you to input your login details are more likely to be detected as spam by your password manager. So, it’s always a good idea to have one in place.
- Do not make payments using QR Code: even if a business asks for payment through QR Code, tell them you’d like to pay with an alternative method like a bank transfer.
- Do not scan QR Codes in public places: scammers often take advantage of busy public areas where they rush you to scan a QR Code for a reward or help them. Face-to-face QR scams have been reported in many instances where the victims couldn’t refuse a scan so they wouldn’t sound rude.
- Do not scan QR Codes from strangers: whether you receive them as text, WhatsApp, or emails, do not scan QR Codes from strangers.
Make Sure To Use A Secure QR Code Generator Like Unitag
Unitag’s QR Code platform is GDPR ( General Data Protection Regulation) compliant. This means we protect our customer’s data from any unauthorized third-party websites. So, you can rest assured that your QR Codes do not act as the source of any sensitive data being compromised.
Of course, most scammers use social hacking to play you, which is why your data can leak. Rest assured that Unitag’s QR Code generator is secure and safe to use. Build your very own custom QR Codes with Unitag. There are lots of formats to choose from, and it’s free!