How to Spot Malicious QR Codes

QR codes have been around for a while, but have seen their use increase as the COVID-19 pandemic has grown more severe. For example, square black and white images made it safer for people to see a restaurant menu. Instead of physically handling it, they can see it on their phone.

But with the growing popularity, there have also been some scams. You don’t need a QR code app to follow the embedded links, but that hasn’t stopped scammers from posting fake QR code apps.

Now scammers are placing malicious QR codes in businesses across the country and sending them to unsuspecting victims through other means. Read on for more details on these tricky scams and how to avoid them.

Here is the backstory

A QR code, or quick response code, is a type of barcode invented years ago. The optical tag, through random patterns, stores data such as a website URL, app link, or contact information.

They work by scanning the QR code with your phone’s camera, and a link appears with a short description. But in most cases, you don’t know exactly where it takes you until you click on the URL.

The Better Business Bureau (BBB) ​​warns of malicious QR codes being used by scammers across the United States. BBB said: “Malicious QR codes direct users to phishing websites, fraudulent payment portals and downloads that infect devices with viruses or malware.

Here are some recent QR code scams:

  • Parking meter payments – Fraudulent QR codes are often affixed to the back of parking meters, leading victims to assume they can pay for parking via the QR code if they don’t have change. You don’t pay for parking at all if it’s a fraudulent QR code. Instead, you’ll be paying crooks and your car might be towed when you get back.
  • Cryptocurrency wallets and romance scams – Scammers spend months establishing a romantic relationship with a victim, eventually asking for financial help through a cryptocurrency exchange or advising the victim on cryptocurrency investments. Believing that the scammer has an urgent need or has their best interests in mind, the victim follows a provided QR code and transfers the requested amount to the scammer’s digital wallet.
  • Phishing scams – Crooks send malicious QR codes, sending victims to phishing websites or downloads that will infect devices with malware.
  • Utility and government imposters – Many victims have reported being contacted by their utility company, the Social Security Administration, or the IRS regarding an unpaid debt that they must immediately pay in full. The representative claims that failure to pay the unpaid bill will result in arrest, additional fines, or closure of access to electricity, gas or water. According to the scammer, the regular payment portal for these services is currently offline. But the victim can submit the payment through another portal which they can easily access by scanning a QR code. The code leads to a spoofed site that will scam you.

How to scan QR codes with your phone

Remember that you don’t need a separate app to scan QR codes. Your phone’s camera can do this automatically. But you may need to enable QR code scanning on your phone. Here’s how.

For iPhone:

  • Faucet Settings.
  • Scroll down and tap Camera.
  • The penultimate setting of the first block is Scan QR codes. Toggle the slider to the right to activate the tool if it is not already activated. It will be green when activated.

For android:

  • Open the camera on your Android phone.
  • Press the Settings tooth.
  • Picking out More settings.
  • Epossible Suggested Google Lenses.

For Samsung Telephone (s:

  • Swipe your screen down to access your Quick settings and press QR reader.
  • Faucet OKAY to go to the next step.
  • The Camera app will be launched where you can scan the QR codes. Once the QR code has been scanned, you should be able to launch the webpage below.
  • You may need to enable this setting if the QR code cannot be scanned. Tap the Camera settings icon button.
  • Enable Scan QR codes.

Now that QR code scanning is enabled, you should be able to open your phone’s camera and point to a QR code to get the link. It’s so easy.

Avoid QR Code Scams

Here are the BBB’s suggestions for avoiding QR code scams:

  • Confirm QR code before scanning – If you receive a QR code from a friend via text or social media message, be sure to confirm with that person that they wanted to send you the code to verify that they were not hacked.
  • Do not open links from strangers – If you receive an unsolicited message from a stranger containing a QR code, do not scan it! Be even more careful if the message promises exciting freebies or investment opportunities provided you act now. Scammers use this type of language consistently and rely on their targets to make immediate decisions before taking the time to verify its authenticity.
  • Beware of short links – Imagine that a shortened URL appears when you hover your camera over a QR code. If so, there’s no way to tell where it will take you once clicked. Make sure the QR code is legitimate before following any short links as it may send you to a malicious website. Pro Tip: Once on the website, review the URL and verify that the domain and subdomain make sense to the organization running it. Scammers often swap the domain and subdomains for URLs or slightly misspell a word to make websites look legitimate.
  • Check for tampering – Some scammers try to mislead you by modifying legitimate commercial advertisements or placing stickers on QR codes. Keep an eye out for signs of tampering and, if discovered, ask the company to verify that the QR code displayed is legitimate. Most businesses permanently install scannable QR codes in their establishments using laminate or placing it behind glass. They will sometimes include its logo in the code, often in the middle.

If you’ve been the victim of a QR scam, report it at The information provided can help prevent others from being victimized.

keep reading

Before scanning a random QR code, read this warning

Do not scan this QR code! Hackers use them to steal your information and money