Scammers are using QR Codes for scams. Surprised?

This is a QR code.

QR codes are great tools for businesses and organizations. Point your smartphone camera at a QR code, and the code will tell the phone what to do. Typically, QR codes open a webpage or an app.

Who uses QR codes and why?

Businesses use QR codes to provide easy links to their websites and apps. Your airline probably has a QR code at their airport counter that directs customers to the airline’s reservation app. Your parking meter may sport a QR code that links to the app for online parking meter payments. Restaurants use QR codes to direct customers to online “touchless” menus. We use QR codes here at Oasis to guide our readers to our online cybersecurity training and make it easier for classroom students to open surveys.

Who would have ever thought that scammers would latch onto such a convenient technology? Raise your hand!

Anyone can make a QR code. Having a QR code does not imply legitimacy.

Simplicity is part of the beauty of QR technology. Anyone can quickly make a QR code using an online QR code generator. There isn’t a QR vetting process or a QR oversight board. So, of course, scammers have jumped on the QR bandwagon. Remember the parking meters I mentioned earlier? Scammers in one city have printed fake QR codes and taped them over the legitimate QR codes on meters. The fake codes lead victims to a site that collects credit card information for the scammer, not the city. Imagine being scammed and then getting a parking ticket on top of that!

How do you protect yourself?

Your best protection is, as always, to take a minute and evaluate the situation. Does the QR code on the gas pump look professionally printed, or is it a taped-on piece of paper? Is the QR code connected to a legitimate business or organization?

Scammers use QR codes to lead users to dangerous websites designed to mimic legitimate sites or otherwise configured to steal personal information. As with all scams, your best initial protection is to always be on guard against outrageous claims, offers you weren’t expecting, or language designed to scare you into reacting quickly and without thinking. These are the social engineering tricks common to all scams.

Check the web address (URL)

You should check the website address of any link you follow using a QR code. This is true regardless of the link’s source—email, text message, or QR code. Double-check that the web address is correct and not some weird scammer site. And remember that banks and government agencies do not use email, texts, or QR codes for official business.

Get the full scoop on protecting yourself online with videos and lots of examples of scams—for free—at our online cyber security course the Oasis Connections Guide to Online Safety. Or use this QR code to open the course webpage in your mobile phone!