QR codes, which stand for “quick response codes”, are often found at restaurants and sporting events, on advertisements and informational flyers, and sometimes even on products. The codes provide an easy way for consumers to reach a webpage with a quick scan of your smartphone’s camera. While QR codes can be handy and convenient, they can present some potential risks. There have recently been reports of criminals covering up legitimate QR codes with phony versions that point to malicious websites. If you inadvertently scan a fake QR code, it could take you to a site that’s not safe, putting you at risk of malware, identity theft, and fraud.
Consider these tips to help minimize the risk of QR code scams:
- Check QR code links before you click. When you scan a QR code with your phone’s camera, it typically shows you a preview of the URL instead of taking you directly to the page. You should review this URL thoroughly before clicking on it. If you are unable to preview the link using your phone’s camera, consider using a dedicated QR code scanning application. By inspecting the URL that’s behind the QR code, you can ensure it’s pointing to the expected website, rather than a malicious link. For example, if you scan a Delta Airlines QR code at the airport, you should ensure that the URL preview shows a URL starting with “Delta.com”. If you see something similar, but slightly off, like “Delt-a.com”, that’s a sign that the QR code may be pointing to a phony site.
- Don’t enter personal information on the page. Once you reach a webpage after scanning a QR code, avoid entering any sensitive information or login credentials, unless you can verify that the page is legitimate. A safer option is to open a new browser window and go to the website of the company by directly typing in their web address.
- Avoid QR codes sent by text or email. You should be wary of any QR codes that are sent you via unsolicited or unexpected text messages or emails. Delete any communications from companies or senders you don’t recognize, and if you receive a QR code from a company you believe is legitimate, and you’re interested in what it has to offer, be sure to examine the URL behind it before clicking on it. If you have any concerns regarding the legitimacy of the QR code, contact the company directly to verify that they sent it.
- Keep your phone up to date. One way to help protect yourself from malicious links that could be sitting behind a QR code is to keep your phone’s operating system up to date, and ensure your phone’s web browser is running the latest version as well. This will help to ensure that you have all of the latest security updates and patches to protect you from malware.
- Be smart with passwords. Never use the same usernames and passwords across accounts. If your login information ends up getting compromised from a phony QR code, or some other kind of phishing scam, you don’t want fraudsters to have instant access to every online account you have. You should also get in the habit of regularly changing your passwords so stolen credentials can’t be used for long. Perhaps most importantly, you should always enable multi-factor authentication on your accounts. This setting requires you to enter something other than just a password in order to log in. This could be a code sent to your phone, a special PIN number, or security questions. Having multi-factor authentication enabled gives you an extra layer of protection if your login credentials are compromised.
Although QR codes are popular and can allow convenient access to webpages, it is important to be aware of the potential risks that they could present. By taking some time to inspect a QR code before clicking on its URL, you can help to keep your information safe. Visit our Security page for more information on the latest scams and tips for preventing fraud.