Scan Scams: QR Code Phishing

It seems like QR codes are everywhere these days. From everyday use like business cards to the unusual like gravestones, these scannable images can be found all over the place.

However, the more these QR codes are being used for everyday occurrences, the more likely they are to be abused by criminals to scam you out of your highly valuable information. 

One of the common elements in phishing scams is their ability to adapt and distort commonly used societal functions to blend in and attack without being noticed. That’s why so many come in the form of emails or phone calls. However, as people become less likely to fall for these types of scams, the criminals are adapting and making use of new everyday technology.

Types of QR Scams

Parking Meter Scams

A popular new scam for criminals to use is taking a QR code and turning it into a sticker they then put on parking meters. The victim then scans the QR code and enters their payment information into a site that is made to resemble the meter company’s. However, the victim has just given the scammer their vital data, and on top of that, the victim will probably get a ticket since their payment never went to the parking authority. 

Even though this example uses parking meters, this type of scam can be easily replicated anywhere you have to pay in a public place. It combines impersonation by taking you to a site that looks legitimate, and the urgency felt when feeding a parking meter. You are more likely to fall victim to a scam if you are in a position where time is a major factor. 

To avoid this scam, be aware that most parking meters or structures will have their own app that can securely and safely house your private information. Any sticker that could have easily been placed by anyone is most likely a scam and should be avoided. Likewise, use common methods to battle scams such as checking to see if the URL is safe and by never clicking on sketchy links.

WiFi

WiFi is a basic necessity at this point, and people use it everywhere from renting an apartment to writing a screenplay at their local coffee shop. QR codes have made this process so much easier as well. You no longer have to wait in a long line just to ask the person in charge what the WiFi password is, only to forget it a minute later prompting the awkward second trip just for the darn WiFi.

Now, most places that have public WiFi offer a QR code, shortening the entire process to less than 10 seconds. However, this is ripe for criminals to easily implement their own QR code that will provide them access to your device, and that’s the last thing anyone wants to worry about when going to any space. 

To avoid this type of scam be sure to double check the URL, and if anything seems out of the ordinary, ask whomever is in charge if they are familiar with the code. Even though that might have been what you were trying to avoid in the first place, going out of your way to ask about a suspicious QR code can save you and others from a lot of harm.

Discount Offers

Oftentimes while in public, you can come across a sign that has a QR code for a discount to your favorite store. This can be an effective way for stores to passively market their goods to you since you may be more likely to buy their product if it’s on sale. If we can get something cheaper than it would have been, we generally tend to like that. That’s just how our brains work, and unfortunately, criminals know that as well.

They can easily put up a sign or flier advertising a discount that takes you to a fake site similar to the real one. It’s just another example of the impersonation tactic used in so many other phishing scams.  

To avoid this scam, you can always double check with the store itself. Someone there will likely know if the QR code shown is legitimate or not and can take action from there. As before, follow the same safety measures with any link or code that directs you to somewhere else.  

QR codes can be great for eliminating unnecessary steps in a process and help speed up our lives but they can also be used to scam you out of vital information. QR codes are becoming more common by the day and with comes easier access for criminals to make their own that is designed to separate you from private data. Even though it’s easy to use a QR code without thinking twice about it, always be vigilant when using them since your data can be on the line.

Kotman Technology provides organizations with proper security awareness training that can lead to a mindful and vigilant staff. With over 20 years of managed IT support and service, they can be sure your team will be safe whenever online payments, credentials, or personal details are involved.

Kotman Technology has been delivering comprehensive technology solutions to clients in California and Michigan for nearly two decades. We pride ourselves on being the last technology partner you'll ever need. Contact us today to experience the Kotman Difference.