smartphone scanning a URL to pay in a restaurant
Cybersecurity

QR Code Scams

6.3.25
|
CFCU

What is Quishing?

We’ve talked about phishing, smishing, and now…quishing! Quishing—another name for QR code scams—is a way that fraudsters utilize Quick Response (QR) codes to hack into your device or redirect you to a malicious website.
While QR codes remained commonplace since the rise of smartphones, the 2020 pandemic saw a massive uptick in use. In an effort to minimize contact, you would use QR codes to order food, view menus, upload vaccinations, contact trace, and more. Though times have (somewhat) returned to normal, QR codes remain a fixture in streamlining business operations and transactions.

Common QR Code Scams

While QR codes can appear anywhere, there are a few classic methods that fraudsters like to use:

Restaurant Menus

Fraudsters can place a look-alike QR code on top of a restaurant’s legitimate code. Their QR code will redirect you to a site that may look like a menu, but will steal your payment information!

Parking Meters

Many parking meters can be paid for using a third party app these days. The company may put a QR code on the meter to redirect you to the app store or their website to pay. Similar to the restaurant menus, fraudsters will cover up legitimate codes with fake ones, leading you to their site where they can steal your payment information.

Urgent Emails or Texts

You may also receive phony QR codes via text or email, often with an urgent claim that there is something wrong with a delivery or you need to verify your account information. This is an attempt to hack into your device or learn your account login information.

Mysterious Packages

In this burgeoning scam trend called ‘brushing’, you receive an unsolicited package that has a small gift and a QR code. You are asked to scan the code to find out who sent it and register/activate your ‘gift’. On the spoof website you are sent to, you’ll be asked for financial and account information, usernames/passwords, and other sensitive information.

Spotting Fake QR Codes

Physically Inspect the Code

Before scanning a QR code, take a moment to inspect it. Does the QR code look like it belongs there? You may notice general wear and tear, but also peeling edges or bumps that look like it wasn’t placed correctly. If the QR code is a sticker, you can also try looking underneath to see if it is covering up another QR code

Preview the URL

When you first scan a QR code with your camera, most smart devices will give you a preview of the link destination. Make sure that the address is spelled correctly and looks legitimate. More importantly, ensure it is the website you were expecting!

Be Wary of Unsolicited QR Codes and Urgent Requests

Like with most scams we warn about, a telltale sign that a fraudster is contacting you is a tone of urgency, whether by fear (purported suspicious activity on your account) or excitement (claim your ‘prize’ now!). It is best not to use unsolicited QR codes; if you think the message is legitimate, reach out to the company or access your accounts through known, verified channels.

Protect Yourself from QR Code Scams

Remember to keep your account and device safe to help protect you from scams! Regularly update your device operating systems to keep security measures current. For sensitive accounts, enable Multi-Factor Authentication if you can and regularly change your password.

Archives

Related Articles

Ready to open an account or have some questions?

Reach out to us or visit your nearest branch!