BY PARTH SHAH

How to avoid QR Code hacking

Quick Response (QR) codes have existed for several years, and their popularity sky-rocketed during COVID-19. QR codes bring significant advantages. However, cybercriminals and scammers have exploited several ways to hack QR codes to access your personal and financial information illegally. These malicious and tampered QR codes can steal money and spread malware on your iPhone or top budget Android phone

QR codes have become the preferred way to open paperless restaurant menus, allow contactless payments, and share online forms, websites, and other information. A QR code scanner is built-in on most modern phones. Scanning a code and accessing the info behind a grid of black and white squares only takes a few seconds. Tampering with a QR code is easy and doesn’t require rocket science. It’s one of the reasons why QR phishing attacks are on the rise.

How QR code hacking works

There are dozens of QR code generator tools. Creating a fake QR code takes a couple of minutes. It’s easy for a scammer to redirect you to a malicious website because the human eye can’t differentiate a malicious QR code from a genuine one.

Source: Unsplash

Whether it’s a café, parking area, or other public place, cybercriminals replace the genuine barcode or a QR code with one that embeds fraudulent websites. They aim to steal your personal information, financial details, and social security number or download something that will compromise your device’s security.

Scammers sometimes program a QR code to take you to a payment site, follow social media profiles, and send emails without your consent. These are common ways to hack a QR code and implement phishing attacks to compromise your login credentials and reputation.

A QR code scam can come from anywhere. These scams occur at parking meters, via phishing emails, in restaurants, in random conversations with strangers, on social media, and more. Keep the following warning signs in mind before interacting with an unfamiliar QR code.

Don’t scan QR codes in public places

Source: Pixabay

QR codes are used in restaurants, cafes, airports, railway stations, parks, and other places. While scanning a QR code at a familiar hotel or amusement park is fine, avoid it at other places where it can easily be tampered with. Scammers mostly replace it or apply a fake QR code sticker on top of it. Check such a QR code closely and avoid it if you notice any sign of tampering.

Check the URL

When you scan a QR code, it tells you a destination URL before opening it. Be extra cautious before proceeding if it’s a shortened URL.

Look for grammar mistakes and poor English

Hackers and scammers don’t put extra effort into polishing their language on fake websites. You often find misspelled words (WALMRAT vs. WALMART), incorrect grammar, irrelevant sentences, and other minor mistakes in malicious links. Avoid sharing important information on such websites and report it to the authorities or the hotel owner.

Don’t use QR codes on unexpected packages

It’s another growing QR code scam. The fraudster mails you a product that you never ordered. The packaging asks you to scan the QR code to check the instructions to return an item.

The QR code takes you to a fake website and asks you to fill in irrelevant forms with personal data like your credit card number, address, Amazon or Best Buy account details, and more. Sometimes, scammers ask you to choose between paying a shipping fee or sharing personal information. Most users go with sharing private information to avoid shipping fees.

Confirm the order from your Amazon, Best Buy, or Walmart account when you receive such a parcel.

Don’t fall for dramatic returns on crypto

Crypto scams via a QR code can cause a financial loss. The scammer contacts and informs you about the data hack on your bank account. You are asked to scan a QR code to convert your money into Bitcoin, Ethereum, and other cryptocurrencies. You are sending your money to a scammer’s Bitcoin wallet.

In another scenario, fraudsters on social media and dating sites offer unrealistic returns on crypto and ask you to invest. They share a QR code that takes you to an official-looking web page. Such fake websites boast high returns on investments with fake charts and graphs. You can load up your crypto wallet, but you’ll run into errors when withdrawing your money.

The scammer vanishes with your money before you report the website to the authorities or the FBI. Sometimes, the scammer may ask for ransomware to unlock your crypto wallet.

Don’t install unlicensed apps

Source: Pixabay

If a QR code asks you to download a random app, avoid it. It may install malicious software and steal sensitive data like phone numbers and saved credit card information. For privacy and security reasons, use the Google Play Store or the App Store to install apps on your mobile device.

Beware of rising QR code scams

If you have been scammed through one of the QR code hacks, change your account password, inform your bank, activate 2FA (two-factor authentication) for essential services like Google and Microsoft, and store private information on a top password manager to keep prying eyes away. Keep the points above in mind and deal with only legitimate QR codes.