Most recently, Inc. noted that QR codes are increasingly being used by scammers. While a warning from the FBI that the publication mentions was released nearly a month before the Coinbase ad appeared, it’s certainly prescient.
In the Jan. 18 announcement, the FBI suggested “cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.” That particular ad you saw on TV? Definitely not malicious. But QR codes that you find in an email, or a sticker near, say, your ATM? They may direct your phone to malicious sites to steal data or embed malware.
QR codes have been around for decades, but they regained popularity during the pandemic, particularly with restaurants and bars (the code would redirect to menus or even ordering/payment by phone options). As well, sites like PayPal and Venmo allow users to scan a QR code to send funds to each other.
How do you tell a good QR code from a bad one? If you can, double check which website you’re being redirected to before clicking anything else (and especially before entering any personal information). Don’t click on QR codes sent by email — the idea behind the technology is to use only when direct links aren’t available — and certainly make sure any code you’re scanning isn’t on some sticker that’s on top of a venue’s legit QR.
And, finally, as the FBI suggests, “While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code.”
Thanks for reading InsideHook. Sign up for our daily newsletter and be in the know.