Scammers are increasingly using QR codes as consumers become comfortable with scanning
QR codes can be found virtually everywhere, but while they boost convenience in an affordable way, quishing scams are becoming a growing problem.
As is the case with virtually everything digital, scammers are abusing QR codes
Scanning QR codes is a practice used for everything from reading a menu at a restaurant to paying a utility bill. That said, as they are also a simple way to share personal information, they have also been worked into scams – a practice called quishing – through which the scammers have found ways to exploit the barcodes.
The FCC has released statements cautioning consumers that this scamming practice is becoming increasingly commonplace and reminding consumers to stay on top of this trend, so they don’t become victims to it.
Newer quishing strategies use QR codes to trick people by pretending to be legitimate businesses.
The FCC is warning consumers to be vigilant and if they should receive a text or email from what seems to be a legitimate business, but that recommends scanning a QR code to resolve issues such as suspicious activity on a banking account, something wrong with a shopping or banking account, or to have a package delivered.
Additional strategies
Some scammers have also posted QR codes on parking meters, on kiosks, or on publicly displayed ads. Another technique involves pasting a fraudulent barcode on top of a valid one. Following the link provided by the barcode scan could share login credentials or allow spyware or malware to be installed into the device.
The FCC recommends being very careful and taking steps such as carefully examining a URL before clicking it to open it. It also recommends avoiding the use of QR codes included in emails and texts, particularly if they recommend scanning with a sense of urgency – a common quishing technique. If the message could potentially be legitimate, call the company using a phone number or website on your bill or another verifiable source – not the one provided in a text or email with the QR code – to be sure. Finally, make sure to keep up with the latest security updates and fixes, and use strong passwords and additional layers of protection such as multi-factor authentication.
