Everything You Need To Know About QR Code Phishing Scams

By: Marco
December 19, 2022

Thanks to QR codes, now when you go to many restaurants, you can use your smartphone to place an order. You don’t have to touch a potentially germy, food-smeared menu, and restaurants don’t have to keep producing and distributing them.

Everybody wins in this scenario! The problem is that “everybody” now includes hackers. 

The QR Code’s Claim to Fame

Here’s a bit of trivia to impress your friends: QR stands for Quick Response. These codes were first used in the Japanese automotive industry back in the ‘90s to track vehicles and their parts during the manufacturing process. These codes worked very well because unlike a traditional bar code, they can store more data, like website URLs, numbers, and up to 4,000 text characters. 

QR codes can now help us accomplish these tasks:

  • Automatically retrieving information 
  • Downloading an app onto a smart device
  • Authenticating accounts
  • Storing encryption details
  • Sending and receiving payments

Why We Can’t Have Nice Things

QR codes help you accomplish chores and transactions quickly, without having to think. They’re newer and a bit mysterious…but they look more official, and don’t generate suspicion like emails do. And what I just said is exactly why hackers started paying close attention to this technology. 

As it turns out, QR codes are a scammer’s paradise. 

How QR Code Phishing Scams Work

QR codes aren’t all-powerful. But they can harvest your contacts, compose emails, and take you to a malicious website where you may be asked to upload your financial information or other sensitive information. Since you can’t easily read a QR code like you can a website’s URL, many cybercriminals are starting to use them, and there’s no telling how often this new tactic works.  

Recent QR Code Scams

Scammers recently used QR code stickers to try to lure motorists in Austin, Texas to a malicious website where they were asked to enter their credit card information to pay for parking. The same scam turned up in San Antonio. 

Scammers are also including QR codes in their phishing emails — which is a combination you should always regard with suspicion. After all, you’re already online when you’re reading your email. Therefore, the code offers no legitimate benefit to the reader. There is, however, a great benefit to the hacker: security software currently has a harder time detecting malicious QR codes. 

Avoid Getting Drawn and QR’d

It’s frustrating, but the good news about QR codes is that they’re just a new way for hackers to pull off the same old scams. With a bit of common sense, you can avoid getting drawn in by malicious codes if you know what to look for. 

Be Wary of Stickers

QR codes invite our curiosity and look innocent, but that’s exactly why you should stop and think before you scan one. If a code is posted in a public place and printed on a separate sticker (instead of incorporated into legitimate signage), avoid it. You should also delete all emails and junk mail containing these codes.

Don’t Go on Auto-Pilot

If you’ve arrived at a website through a QR code, make sure it passes the sniff test before you enter your information. As always, be on your guard for sites that contain misspellings, look slapped together, or ask you for information they shouldn’t need.

Scan First

Many smartphones will preview the URL of a site embedded in a QR code. If you have the option, take a last look before you proceed. You can also download a secure app that is designed to detect malicious links in QR codes. Many well-known, trusted antivirus companies offer free versions. 

These tips will help you stay clear of scams out of the office. However, if you own a business, your staff should receive additional training to keep your data and finances safe.

The Importance of Employee Security Awareness 

Even old-fashioned phishing scams still cost companies plenty. According to the 2022 KnowBe4 Phishing By Industry Report, one out of three American employees is highly likely to click on a suspicious link or email or comply with a fraudulent request. Unfortunately, it only takes one careless action for a scammer to start launching further attacks. The good news is that high-quality, ongoing security awareness training gets impressive results

Your employees can be transformed from your biggest liability into your greatest asset in your battle against cybercriminals, but only if you arm them with the knowledge and tools they need. 

If you don’t yet have a robust security training program in place, our cybersecurity experts at Marco can help you reduce your risk of data breaches, malware, phishing scams, and other potentially devastating cybersecurity incidents. While we’re at it, we can also conduct a comprehensive cybersecurity assessment to identify other areas of risk throughout your organization and recommend solutions and tools to address them. 

But before I wrap up, here’s one final pro tip about cybersecurity: the very best time to address your risk is before something bad happens — not after. 


How Secure is Your Organization? View Cybersecurity Checklist

Topics: Security