Menu

QR code phishing attacks or “Quishing” are on the rise, and it’s crucial to raise awareness about this evolving threat. Scanning these codes has become second nature to many of us, but have we fully considered the potential risks they pose? 

The use of QR codes have become increasingly popular due to the events of the COVID-19 pandemic, as it is easier to access information, websites, and services all while minimizing the risk of spreading germs. Since QR codes are more common than ever, it has led to the rise of QR code scams. It’s essential to be aware of the risks they pose and to be able to identify a potential QR code scam.

To help you stay informed and vigilant, here are the most common scams involving QR codes: 

1. QR code email scams – Scammers often send fake emails that contain QR codes. They pretend to be a trusted company and ask you to scan the QR code in an email. For instance, they might send a phishing email claiming the recipient must take action to update their Microsoft 365 account settings. If you fall for it and scan the code, you’ll be directed to what seems like a real website where you are prompted for your user credentials. Generally, you shouldn’t scan QR codes that are sent to you in emails.  

The typical warning signs of a scam email includes: 

• A sender with a misspelling of a generic domain (“APPLE” vs “APPEL”).  

• An email about a delivery, purchase, or account you don’t have, didn’t request, or haven’t used recently.  

• An urgency to reply or act. For instance, an email warning your subscription is expiring soon and to renew it quickly. Triggering someone’s sense of urgency is often effective as they often fail to consider if the email is trustworthy. Therefore, it is important to carefully consider whether the email is legitimate before taking any action.  

2. QR code scams on parking meters and contactless payments – This is one of the most common uses of QR codes as it enables customers to pay for goods and services in a quick and seamless manner. If the code is in a public space where it could easily be tampered with, it is highly advised not to pay using that QR code. Also, if you are redirected to a website with an odd URL and a weird design, it is most likely a scam. This could also be verified by checking whether the website uses HTTP instead of HTTPS. 

3. QR code package scams – Scammers will sometimes send physical mail with QR codes. The QR code will typically direct you to a malicious website where you are prompted for your information to either return the package or gain more information about the package.  

Below are tips and best practices to avoid a QR code scam: 

•Verify the source. Before scanning any QR code, verify the source. Only scan QR codes from trusted and legitimate sources. Be cautious when receiving QR codes through unsolicited emails or messages.  

•Check the URL. When the QR code leads you to a website, check the URL in your browser’s address bar. Ensure it matches the official website of the company or organization you expect. Look for https:// and a padlock icon for secure websites. 

•Don’t enter sensitive information. Never enter sensitive information such as credit card details, passwords, or personal information after scanning a QR code unless you are absolutely certain of its legitimacy. 

•Check for tampering. If you’re scanning a QR code that’s in a public place, such as a restaurant, make sure the QR code doesn’t have a sticker above it that a scammer could have placed. 

•Update your device. Keep your smartphone and other devices up to date with the latest security patches and software updates. 

Online safety and protecting your information should always be a top priority. Cyber threats are continuing to become more prevalent and evolve in sophistication. Make sure to follow our blog to stay updated on all the technology safety trends and for tips on how to protect your online presence.  

Discover More