FBI warns about QR code scam
Quick Response codes, better known as QR codes, are everywhere these days. During the pandemic, restaurants began using QR codes in place of paper menus. The code directs patrons to order and pay for their food online, reducing direct contact with server staff.
How it works: A code is scanned via a phone camera app, and the user is then redirected to the relevant website.
Troubles can arise, the FBI says, in cases where the codes have been altered. Unwitting users may be directed to malicious sites that prompt them to enter their financial and login information or expose them to malware. The FBI also says fake QR codes can be used to embed malware onto a victim’s phone, giving a scam artist access to the device and potentially any information on it, including financial information.
The FBI offers tips to protect yourself from QR code scammers:
- Before clicking, check the URL to make sure it is for the intended website and is spelled correctly – malicious domain names are often similar to the intended URL but with typos or a misplaced letter.
- Ensure that the material displaying the legitimate QR code hasn’t been tampered with, i.e. a sticker placed on top of the original code.
- Avoid making payments through a site found via a QR code and instead manually enter a known and trusted URL to complete the payment.
- Call the company to verify whenever you receive an email asking you to pay through a QR code. Locate the company’s number through a trusted site rather than the number provided in the email.
- If you receive a QR code that you believe to be from someone you know, reach out to them to verify.
- Don’t download a QR code scanner application as it increases the risk of being exposed to malware. Most phones have a built-in scanner in the camera application.
- Download applications from your phone’s app store instead of from a QR code.
If you believe you have had funds stolen from a tampered QR code, report the fraud to your local FBI field office at www.fbi.gov/contact-us/field-offices. The FBI also encourages victims to report fraudulent or suspicious activities to the FBI Internet Crime Complaint Center at www.ic3.gov.