QR codes are a popular way to offer access to information by scanning the now familiar black and white code with your mobile phone. But not all QR codes are safe to scan.
Scammers are taking advantage of the widespread use of QR codes to launch new versions of old scams.
How the scams work
Scammers have a few ways to try and trick you into scanning fraudulent QR codes:
- Scammers will send phishing emails that contain fraudulent QR codes with seemingly legitimate requests. They may claim that "your payment didn’t go through and you need to provide your credit card information to this website by scanning this QR code." Or they might claim that your account will be closed and urge you to update your details by scanning a code. Scanning the code will lead you to a fake website or payment app designed to steal your information. Other times, scammers use a QR code to spread malware.
- Scammers will post physical QR codes. In a typical scenario, a scammer will pose as a legitimate business and post a notice about a sale or offer. When you scan the code, you’re asked to enter sensitive personal or financial information, like a credit card, and that information is stolen.
Tips to avoid QR code scams
Here are some tips to spot and avoid fraudulent QR code scams:
- Slow down. A QR code is a tool that encourages you to act quickly – QR stands for “quick response.” It works well for advertisers, but it’s important to take your time and assess if you need to scan the code, and whether the information being asked for is legitimate.
- Preview the link. Many phones offer a preview of the URL for the website you’re trying to access. Make sure the URL seems legitimate and isn’t a trick.
- Check for tampering. Avoid scanning a QR code if it looks like a sticker covering another QR code, e.g. an advertisement on the street. Scammers can print fraudulent codes on stickers and affix them to legitimate ads.
- Contact the company. If you’re unsure about the legitimacy of the QR code, manually search for the website you need or call the company providing the QR code from a number you know is correct and confirm that the request is legitimate.
The Canadian Centre for Cyber Security has more tips on how to protect your personal information when scanning QR codes.
If you think you’ve been scammed
Banks take extensive steps to protect your personal information entrusted to them and to help you protect it as well. If you think you’ve been the victim of a QR code scam and provided your financial information to a fraudster, contact your bank immediately. The Canadian Bankers Association publishes a regular Fraud Prevention Tip email newsletter. Sign up to learn about the latest frauds and scams.
Smart steps for sidestepping the latest QR code tricks cyber security,fraud,scams