Scams and Fraud

6/6/2023 | By Sharat Potharaju

While hucksters and fraudsters have been around for ages, new technology means new ways to trick people out of their money. Sharat Potharaju, co-founder and CEO of a digital business, shares four ways to protect yourself from QR code scams.

QR codes are everywhere — from restaurant menus and posters to event tickets and TV commercials. The technology’s convenience and functionality have led to a surge in popularity over the last few years. About 100 million people are expected to use QR codes by 2025, almost doubling the numbers from 2019. Unfortunately, scammers have also jumped on this trend.

Bad actors can manipulate codes to redirect users to pages where criminals can steal personal and financial information. Seniors are a prime target, but a few precautions can identify risky codes and protect your information.

QR code risks

Let’s start by exploring how criminals can use QR codes to exploit you.

Steal personal information

A fraudulent QR code may download malicious software to your smartphone. The malware enables scammers to access your personally identifiable information, track your real-time location, or take over your device.

Criminals may also direct you to a phishing website that appears legitimate. This realistic-looking site may trick users into entering log-in credentials, credit card numbers, or social security numbers, which thieves can then steal.

Redirect payments

QR code at a coffee shop, from Prykhodov. For article on QR code scams.

Scammers will exploit a QR code to send money from your bank account to theirs. These codes often appear in places where you pay, like in a store checkout line. When you log in, you may believe you are on a legitimate website and proceed to enter payment details. Criminals use that data to make payments from your account.

If you shop online, you may receive a phishing email or text claiming a payment has been canceled or asking for payment consent. A QR code embedded in those messages will take you to a fraudulent website where the hackers collect your information.

Fortunately, you can protect yourself in a few ways.

Know how to spot QR code scams

Spotting a QR code scam requires attention to detail. These four steps help you keep your information safe.

1. Scan only from trusted sources.

Only use codes from companies or people you trust. Additionally, try to stick to codes in familiar and secure environments. Criminals can tamper with public codes, such as those on fuel pumps or posters. Sticker QR codes are dead giveaways for suspicious activity. Never access a QR code from an email or text from someone you don’t know. If you are concerned the message may be a scam, manually type in the company’s homepage address to log in or call the help number listed on the page, not the one in the message.

2. Use a QR scanner that first displays the link.

A scanner app that immediately opens a QR code link puts you in danger. Instead, use a scanner that shows you the URL first so you can evaluate a website’s legitimacy. The built-in camera app on most devices previews the address.

Related: What seniors need to know about bluesnarfing

3. Pay close attention to details.

Before you click a link, inspect it closely. Most well-known brands will direct you to a site containing their domain name. Look for typos or misplaced letters in the URL. HTTPS in the address is another sign of a secure website.

When you land on the webpage, evaluate it for brand consistency. Fraudulent sites may include incorrect logos, colors, or fonts.

4. Update device security.

Installing and regularly updating your smartphone’s security software helps prevent a security breach. The updates protect against malicious activity and alert you to unauthorized access to your device’s data.

The vast majority of the time, QR codes are safe and convenient. But as long as new technology arises, criminals will find a way to take advantage. You must be conscientious about where and what you scan and pay attention to where a QR code sends you.

Sharat Potharaju

Sharat Potharaju is the co-founder and CEO of Beaconstac, responsible for crafting the overall strategy and execution. Sharat is dedicated to achieving Beaconstac’s vision to enable digital connection with every physical object and place on the planet. Prior to his entrepreneurial career, Sharat spent a few years working in investment banking at Merrill Lynch in New York. Sharat holds a master’s degree in engineering management from Duke University and a bachelor’s degree in engineering from the Indian Institute of Technology (IIT) Madras.