Consumers who scan a QR code for what they think is a legitimate purpose could actually be giving their personal information to scammers.
“A scammer’s QR code could take you to a spoofed site that looks real but isn’t,” Alvaro Puig, consumer education specialist at the FTC, said in the consumer alert. “And if you log in to the spoofed site, the scammers could steal any information you enter. Or the QR code could install malware that steals your information before you realize it.”
The consumer alert notes that consumers use QR codes to see restaurant menus, pay for parking, get into an event or board a flight.
Seeing the popularity of QR codes, scammers have seen an opportunity to hide harmful links within them, according to the alert.
The FTC has received reports of scammers replacing QR codes on parking meters with ones of their own, or sending QR codes through text messages or email, the alert said.
The scammers then try to get consumers to scan the QR code and open the URL by falsely saying consumers need to do so to receive a delivery, resolve a problem with an account or change a password due to suspicious activity, per the alert.
“These are all lies they tell you to create a sense of urgency,” Puig said in the alert.
To avoid these scams, consumers should inspect the URL in QR codes before opening them, avoid scanning QR codes in unexpected emails or text messages, update their phone’s operating system, and use strong passwords and multifactor authentication to protect their online accounts, according to the alert.
The FBI said in September that QR code scams are on the rise as consumers increasingly use the option. In its “Tech Tuesday” briefing, the FBI said that consumers who scan a scammer’s bad code could end up giving the scammer access to their device.
“They can access your contacts, download malware or send you to a fake payment portal,” the FBI said in the briefing. “Once there, you can inadvertently give them access to your banking and credit card accounts.”