The FBI warns all American residents to be careful when scanning QR codes after discovering cybercriminals are using fake codes to steal money and identities.
The new scam is yet another one that has come out of the coronavirus pandemic. For businesses, including restaurants, to practice safe and sanitary measures, QR codes are being used in place of things like menus and payment methods.
Cybercriminals have recognized this and have started creating their own codes. Instead of directing consumers to the correct websites, they direct them to fraudulent sites designed to steal sensitive information and money.
In one particular case, fake QR code stickers were plastered around an Austin, Texas, city parking lot. Those using the lot scanned these QR codes to pay for parking and were directed to a fraudulent website where the scammers stole their credit card information.
There are several risks of this scam:
- You pay a fraudulent vendor without realizing it and lose your money
- You don't pay the actual parking lot vendor and risk getting a ticket
- The scammer has your credit card information which they can use for further credit card fraud
How to Beat This Scam
When scanning QR codes, whether for parking lots, menus, or other reasons, always check the URL that you are directed to. Ensure that you're on the business's actual website before entering any information.
Also, look for other red flags of a scam on the website itself, such as:
- Misspellings and poor grammar
- Sketchy website design (e.g., skewed logos, blurry images)
- Broken website elements
- Strange payment options (e.g., accepting payment via gift card or money transfer)
QR Code Best Practices
Some of the most common reasons to scam QR codes include to:
- See a restaurant's menu
- Pay your check
- Pay for parking
- Download an app
- Visit a website
To stay safe when using QR codes, follow these tips:
- When possible, go directly to the business's website (not via the QR code) and complete your transaction there.
- Download apps via your phone's app store instead of scanning a QR code.
- Only trust websites that are secure (i.e., have the padlock symbol in the address bar and start with "https://").
- Verify the trustworthiness of an app before downloading and using them.
- Don't scan QR codes that don't have additional information attached (e.g., don't scan a code you find on a random street pole).
- Don't enter any information that you don't think is necessary (e.g., don't enter your payment info if all you're trying to do is view a menu).
What if You Fall for This Scam
If you think you've entered your information on a fraudulent website after scanning a QR code, your money and identity are both at risk. You should follow these steps to reduce the damage:
- Report the fraud to your bank and dispute the transaction.
- Cancel your credit card so the scammers can't continue using it for fraudulent purchases.
- Report the scam to the authorities, offering as much information as possible, including where you scanned the QR code and what website it took you to.
- Change any passwords you entered onto the website (e.g., if you paid via PayPal and entered your login information, change your PayPal password).
- Regularly monitor your accounts to ensure no further fraudulent transactions are being made.
In the rare case that you entered your Social Security number on the scam website, you should also:
- Monitor your credit report and look for any fraudulent activity
- Place a fraud alert on your credit report
- Freeze your credit altogether (to be extra safe)