Checking in at a test centre, downloading a restaurant menu onto your phone, looking up a website advertised on a poster: QR codes have become part of everyday life.
Criminals are also taking advantage of the popularity of these black and white square codes, designed for reading with your smartphone camera.
The scam works like this: A legitimate-looking QR code guides an unsuspecting person to a fake website. There, the user is asked to log into a sensitive account, such as a payment service.
The scammers then gain access to your financial information, allowing them to make payments or steal cryptocurrency.
That’s why US law enforcement agency FBI is calling on users to limit their trust in public QR codes, even in official settings, as they are easy to manipulate or cover with codes linking to fake websites.
It is also possible that a QR code brings you to a site that downloads and installs malware on your phone, allowing cybercriminals to gain access to your device and the data on it and potentially hold it ransom for a payment.
To avoid falling for a QR code scam, the FBI offers the following tips:
– When scanning a code, check that the website you were expected actually opens and that it is authentic: The web address must be completely correct (no misplaced letters or errors).
– If a website is asking you to log in to a service where your personal information or financial data is stored, alarm bells should be ringing if the page was accessed via a QR code.
– If possible, do not make any payments on websites accessed via a QR code. Instead, it is better to manually enter the website of the platform you’re looking for.
– In the case of printed QR codes, you should always make sure that nobody has pasted a different code over the original code.
– If possible, don’t start app downloads and installations via QR codes, but download apps from the official stores.
– Don’t install a QR code scanner app: The camera on your smartphone should already work as a scanner. If not, you can find a scanner function in your browser.