WASHINGTON — From menus at restaurants to paying for public parking, getting into an event or boarding a flight, QR codes are everywhere, and the Federal Trade Commission (FTC) is warning that scammers can hide harmful links in QR codes to steal personal information.
According to the FTC, there are reports of scammers covering up QR codes on parking meters with a QR code of their own. Scammers can also send a QR code by text message or email and make up a reason for the recipient to scan it.
QR code scams are designed to create a sense of urgency and try to get users to scan the QR code and open the URL without thinking about it, the FTC warns.
Some typical scams include:
- A scammer impersonates a shipping company and says they couldn’t deliver a package, requiring the recipient to contact them to reschedule.
- A scammer impersonates a bank or other company and claims there is a problem with an account, requiring the recipient to confirm their information.
- A scammer impersonates a bank or other company and says they noticed suspicious activity on an account, requiring the recipient to change their password.
The included scam QR code could take a user to a spoofed site that looks real but isn’t. Logging in to the spoofed site allows scammers to steal any information entered. Or the QR code could install malware that steals information.
The FTC offered the following tips for users to protect themselves:
- If you see a QR code in an unexpected place, inspect the URL before you open it. If it looks like a URL you recognize, make sure it’s not spoofed — look for misspellings or a switched letter.
- Don’t scan a QR code in an email or text message you weren’t expecting — especially if it urges you to act immediately. If you think the message is legitimate, use a phone number or website you know is real to contact the company.
- Protect your phone and accounts. Update your phone’s OS to protect against hackers and protect your online accounts with strong passwords and multi-factor authentication.
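The "misspellings or a switched letter" check from the first tip can also be done in software on the URL a QR code decodes to. The following is an added example, not part of the FTC guidance: the domain names, the allowlist and the two-edit threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the user actually does business with.
TRUSTED = {"examplebank.example", "cityparking.example"}

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # "Switched letter": two adjacent characters swapped counts as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_qr_url(url, trusted=TRUSTED, max_edits=2):
    """Classify the host of a decoded QR URL as trusted, lookalike or unknown."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return ("unknown", None)
    # Exact match, or a subdomain of a trusted domain.
    for name in sorted(trusted):
        if host == name or host.endswith("." + name):
            return ("trusted", name)
    # Compare the right-most labels of the host with each trusted domain,
    # so "login.exampelbank.example" is judged on "exampelbank.example".
    labels = host.split(".")
    for name in sorted(trusted):
        tail = ".".join(labels[-(name.count(".") + 1):])
        if 0 < osa_distance(tail, name) <= max_edits:
            return ("lookalike", name)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample URLs, as a QR decoder would return them.
    for u in ("https://pay.cityparking.example/meter/17",
              "https://exampelbank.example/login",
              "https://coffee-menu.example/"):
        print(u, "->", check_qr_url(u))
```

A "lookalike" result means the host is within two edits of a trusted name without matching it; an "unknown" result only means the host is not on the list, not that it is safe.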