Beware the Double Click! Evaluate QR Codes to Protect Against Fraud


Advertisements

(StatePoint)
Ancient
civilizations
had
hieroglyphics,
we
have
QR
codes:
the
patterned
graphic
boxes
prompting
you
to
access
restaurant
menus,
pay
for
parking,
find
out
information
about
a
package
and
more.


Generally,
quick
response
(QR)
codes
are
safe,
but
they
can
be
used
to
redirect
you
to
malicious
websites,
so
caution
is
important.
Here’s
how
it
works.

  • You
    get
    prompted
    to
    use
    your
    device’s
    camera.
  • You
    scan
    the
    code
    and
    a
    link
    pops
    up.
  • You
    click
    the
    link,
    exposing
    you
    to
    threat
    actors.
  • You’re
    directed
    to
    apps,
    websites,
    locations
    using
    your
    maps
    and
    much
    more.


Advertisements

Bad
actors
understand
people
are
in
a
rush,
so
this
is
an
appealing
form
of
attack.
It’s
a
cost-efficient
scam
because
these
codes
are
easy
to
generate
and
distribute.
And
they
are
creative
in
finding
new
ways
to
make
them
appear
legitimate.
In
public
places,
criminals
can
cover
an
official
code
with
a
sticker
or
printout
showing
a
fraudulent
code.
Some
of
the
more
prevalent
and
convincing
scams
include:

  • Parking
    Ticket
    Scams.
    Criminals
    place
    fake
    parking
    tickets
    with
    QR
    codes
    on
    windshields,
    causing
    unsuspecting
    victims
    to
    scan
    the
    code
    and
    click
    the
    link
    to
    learn
    of
    their
    offense
    and
    digitally
    pay
    the
    alleged
    fine.
  • Brushing
    Scams.
    A
    criminal
    will
    ship
    goods
    you
    never
    ordered,
    then
    require
    you
    to
    scan
    the
    QR
    code
    and
    click
    the
    link
    to
    see
    who
    sent
    you
    the
    gift.
  • Payment
    Scams.
    Criminals
    cover
    a
    legitimate
    QR
    code
    with
    a
    sticker
    that
    has
    a
    fraudulent
    code
    that
    directs
    to
    a
    malicious
    site.
    This
    can
    happen
    at
    gas
    pumps,
    bank
    windows,
    parking
    lots,
    etc.
  • Crypto
    Scams.
    Crypto
    transactions
    are
    often
    made
    through
    QR
    codes
    associated
    with
    crypto
    accounts,
    making
    this
    an
    appealing
    target
    for
    fraudsters,
    especially
    since
    once
    crypto
    payments
    are
    made,
    it’s
    unlikely
    those
    funds
    will
    be
    recovered.

To
stay
safe
when
using
QR
codes:

  • Check
    the
    URL:
    Once
    you
    scan
    and
    the
    link
    pops
    up,
    stop!
    Examine
    it
    for
    unusual
    domain
    names
    or
    shortened
    URLs
    before
    clicking.
  • Verify
    the
    source:
    Only
    scan
    QR
    codes
    from
    trusted
    sources,
    like
    official
    websites
    or
    apps.
    Codes
    from
    unfamiliar
    sources
    are
    more
    likely
    to
    be
    malicious.
  • Check
    for
    tampering:
    Look
    for
    signs
    of
    tampering,
    like
    altered
    graphics,
    design
    flaws
    or
    stickers
    placed
    atop
    original
    codes.
  • Be
    suspicious:
    Treat
    sites
    asking
    for
    a
    password
    or
    login
    information
    as
    a
    red
    flag.
  • Be
    wary
    of
    promotions:
    Be
    cautious
    of
    offers
    that
    seem
    too
    good
    to
    be
    true.
  • Use
    a
    secure
    connection:
    Look
    for
    a
    secure
    connection
    (HTTPS)
    or
    padlock.
  • Confirm
    validity
    of
    request:
    Before
    taking
    action,
    like
    making
    a
    payment
    or
    entering
    personal
    information,
    confirm
    a
    request
    to
    scan
    with
    the
    company.
    If
    you
    receive
    a
    QR
    code
    from
    someone
    you
    know,
    reach
    out
    to
    them
    through
    a
    known
    number
    or
    email
    to
    verify
    they
    sent
    it.
  • Protect
    your
    device:
    Use
    antivirus
    and
    antimalware
    software.
  • Report.
    If
    you
    identify
    a
    suspicious
    QR
    code
    or
    fall
    victim
    to
    a
    QR
    code
    scam,
    notify
    your
    bank
    and
    report
    it
    to
    law
    enforcement
    and
    the
    Federal
    Trade
    Commission.

If
you
scan
a
fake
QR
code,
your
bank
account,
email
and
identity
could
all
be
at
risk.
For
actions
to
take,
consult
PNC
Bank’s
Reporting
Fraud
page
on
pnc.com.


Advertisements

Cyber
criminals
are
always
finding
new
ways
to
defraud
their
victims,
and
QR
codes
are
no
exception.
With
a
little
caution
however,
you
can
better
protect
yourself.

Book a tour at Cynthia Gardens and get $300 off move-in fees for any 12-months lease