Quishing – A Quick Response (QR) Scam Alert
QR Codes, those handy black and white square barcodes, make it extremely easy to get to websites, download apps, and pay for services with one’s smart phone.
Scammers have found ways to turn this convenience into a way to obtain personal information and steal money from people. Bogus QR codes not only can redirect payment using phony links but also can contain embedded malware that lets a criminal gain access to a victim’s mobile device and financial and personal information.
Scams using QR codes reported to the FBI, Better Business Bureau, or police:
- Scammers affixed QR code stickers on Pay to Park kiosks, which directed drivers to a website that had them enter their credit card/bank account information.
- Drivers received fake parking tickets with QR codes, which directed them to a fake website to obtain their credit card/bank account information
- At restaurants, real QR codes taped to tables that patrons could use to pay for their meals were covered by fake ones
- Sham QR codes have also appeared on billboards, online ads, and phishing emails; all designed to trick people into divulging personal information
QR Code Tips:
Be alert to the site the QR code sends you to. Is the web address legitimate? It should be a “.com” (one of the scam ones was “.xyz”)
Inspect the QR code before scanning it. Does it look like a sticker that’s been placed over the original?
Do not trust a QR code that was supposedly emailed by a friend (whose account may have been hacked) or that appeared in a text, online post or mail piece. Instead, use a browser and visit a website using a domain name you know is legit
Avoid using a QR code to pay a bill. There are many other payment methods that are less susceptible to fraud
Just as you should never click on suspicious hyperlinks or download fishy attachments — especially anything sent by strangers — avoid suspicious QR codes, which can take you to weird websites or sites that are created to look safe but are nothing but trouble.