FTC Alerts Consumers on Scammers Using QR Codes to Steal Data

December 8, 2023

The Federal Trade Commission (FTC) has cautioned that the rising popularity of QR codes comes with potential risks for individuals who may not be vigilant, in a Consumer Alert.  The QR codes, digital patterns of black and white squares often used for storing URLs, have become highly prevalent everywhere. The diversity of applications justifies their popularity, unfortunately, scammers manipulate QR codes by hiding harmful links to steal consumer’s personal information.

There have been numerous ways, scammers employ to target vulnerable victims. Scammers have been reported to mask QR codes on parking meters with their version, while others might send QR codes through email or text, fabricating reasons for you to scam them. A forecast from eMarket suggests that nearly 94 million US consumers are expected to utilize smartphone QR scanners this year, and this figure is predicted to rise to 102.6 million by 2026.

How Scammers Exploit QR Codes?

Deceptively, they fabricate failed delivery claims for users’ packages, compel them to initiate contact for rescheduling, and frequently employ QR codes to deceive individuals into revealing personal information. Sometimes, they try to scam users by pretending an issue with their account and insist them confirm information to address the claimed issue.

Misleadingly, they also claim to have detected suspicious activities on account and pressure users to change their passwords. All of these are fabricated strategies to instill a sense of emergency, prompting them to quickly scan the QR code and open the URL without giving time for careful consideration.

Preventive Measures Against QR Code Scams

A QR code from a scammer could lead to a deceptive site that appears authentic but is not. Logging into fake sites could result in scammers stealing any information users provide. Another risk is the QR code installing malware, stealing users’ information without their awareness. FCT has shared guidance on how to protect from such scams;

Carefully Inspect the URL before Opening

If users come across a QR code unexpectedly, they must carefully review the URL before opening it. If it resembles a recognized URL, they need to take precautions against spoofing by checking for misspellings or altered letters.

Don’t Scan the QR Code Immediately

Avoid scanning a QR code in an email or text message that was not anticipated, particularly if pushes for immediate action. If the user believes the message is genuine, he must contact the legitimate company through a verified phone number or website.

Protect Your Account and Phone

Enhance phone’s security by regularly updating its operating system, providing protection against hackers. Additionally, improve the security of online accounts by employing strong passwords and enabling multi-factor authentication.

Criminals possibly exploit personal information by mixing it with fake information and then use it to execute a variety of illicit pursuits.
Also read: What is Synthetic Identity Fraud?