QR codes are everywhere on everything from product packages to restaurant menus. They’re a convenient way to quickly access websites or learn more about a product or service just by scanning with your smartphone. However, it’s important to know that some scammers are using this technology. In this guide, we’ll dive into the world of QR code scams and share some essential tips on how to keep yourself safe from potential cyber threats. Stay informed and protect yourself while enjoying the convenience of QR codes!
The Danger of QR Codes
In an interview with CSO Online, Alex Mosher, global vice president at MobileIron, stated, “By their very nature, QR codes are not human-readable. Therefore, the ability to alter a QR code to point to an alternative resource without being detected is simple and highly effective.”
Recent research revealed that nearly 75% of people need help to tell the difference between a legitimate QR code and a harmful one. This highlights a crucial need for education on how to safely use QR codes and understand their different purposes.
How Does a QR Scam Happen?
QR code scams come in many forms, but here are a few current examples:
“Quishing” or QR Code Phishing
Hackers are getting clever with a tactic called “quishing,” hiding fake websites inside visually appealing QR codes. This makes it challenging to spot a scam just by checking the website link before scanning the code.
Typically, these scammers send phishing emails designed to create a sense of urgency—like alarming alerts that make you feel rushed. This pressure can lead you to act quickly without fully paying attention, which is exactly what they’re counting on to trick you. Stay vigilant and always double-check before scanning any QR code, especially if it comes from an unexpected source!
Placement of fraudulent qr codes
Recently, scammers have started to misuse QR codes, commonly found on product packaging in stores. They cover legitimate QR codes with their own, leading you to fake websites designed to steal your personal information. When you scan these altered codes, you’re often directed to sites that request sensitive details such as your address, credit card information, or login credentials.
malware installation
Scammers are getting clever by lacing fake QR codes on stickers and posters in busy public areas. When people scan these codes, they are redirected to a questionable website encouraging them to download an app. Unfortunately, this app often contains malware that can infect your phone without you even realizing it.
Real Life QR Code Scams
Energy company quishing
In August 2023, cybersecurity researchers at Cofense detected a widespread phishing attack targeting a major energy company in the United States.
In a recent targeted phishing attack, over a thousand emails were distributed, nearly 29% explicitly aimed at an energy company. Other industries affected included manufacturing (15%), insurance (9%), technology (7%), and financial services (6%).
The attackers cleverly crafted their emails to include QR codes, which directed recipients to a fake Microsoft 365 login page. Creating a sense of urgency persuaded users to “update” their account settings within three days. This trickery led to a swift response from many, resulting in the theft of valuable login credentials. It’s a reminder to stay vigilant and cautious with unexpected emails!
malicious paw patrol qr
In September 2023, a concerning incident involving a children’s snack range linked to the popular cartoon ‘Paw Patrol’ came to light. A URL printed on the themed snack products was compromised by cybercriminals, “directing users to inappropriate, pornographic content.
In response, Lidl, the discount supermarket chain, decided to recall all affected snack products as a precautionary measure. They clarified that these snacks were part of a limited-time offer from a specific brand, and while they are not a staple in their inventory, they can still be found at other retailers.
Lidl issued a public notice alerting shoppers about the QR code hijacking issue to ensure customer safety. They encouraged anyone who purchased these products to avoid scanning the URL and to return the snacks to their nearest store for a full refund.
According to reports from TechCrunch, the domain linked to this cyber attack is currently registered to an individual in Lianyungang, China. Interestingly, the domain was previously owned by Appy Kids Co., the manufacturer of the ‘Paw Patrol’ snacks, which has been out of business for over a year, according to the Company’s records.
This situation serves as a reminder of the importance of digital safety and vigilance, especially when it concerns children’s products.
Protecting Yourself from QR Code Scams
1. Be Cautious in Public
If you encounter a QR code on a poster or sticker in a public area, think twice before scanning it. Only trust codes from reputable sources that you know and recognize.
2. Verify Before You Scan
Always check the source of a QR code before scanning it. If it’s on a product, make sure it’s the original code rather than a sticker that could have been added later.
3. Don’t Share Personal Info
If a QR code directs you to a website asking for personal details, such as your social security number or credit card information, be suspicious. Legitimate websites wouldn’t request this kind of sensitive information.
4. Keep Your Phone Updated
Update your smartphone’s operating system and security software regularly. This is crucial for protecting against malware and other potential threats.
By following these simple practices, you can enjoy the convenience of QR codes while avoiding scams. Stay safe!
QR Code Scams | Conclusion
QR codes are quick and easy to access information, but caution is important. Scanning codes in public places can expose you to scams, so always check the source before you scan. And remember, never share your personal information! By staying aware, you can enjoy the advantages of QR codes safely.
If you’re worried about QR code scams or other cyber threats targeting your business, look no further than AtNetPlus. We’ve been protecting businesses in Northeast Ohio from these attacks since 1998. Let us help you keep your business secure! Learn more about our award winning Cybersecurity Services.
Sources:
- How attackers exploit QR codes and how to mitigate the risk | CSO Online.
- Why you should think twice before scanning QR Codes | techradar
- Major Energy Company Targeted in Large QR Code Phishing Campaign | COFENSE
- Lidl recalls Paw Patrol snacks after website on packaging displayed porn | TechCrunch
- APPY FOOD AND DRINKS LIMITED | gov.uk