ADVERTISEMENT
ADVERTISEMENT

QR codes - those square boxes that can be scanned by your phone camera and will take you to an associated website - are gaining more and more popularity, especially as companies strive to give a contactless experience during COVID.

Many companies use QR codes to point you to their apps, track packages, or view menus. But because these codes can't be read by the human eye, they have become a way for scammers to disguise malicious links. As QR codes are gaining popularity, we are seeing more reports of con artists using them to mislead consumers in the submissions that are being shared on BBB's Scam Tracker.

Here's how the scam works:

You receive an email, a direct message on social media, a text message, a flyer, or a piece of mail that includes a QR code. You are supposed to scan the code with your phone's camera, and it will open a link. In some scams, the QR code takes you to a phishing website, where you are prompted to enter your personal information or login credentials for scammers to steal.

Other times, con artists use QR codes to automatically launch payment apps or follow a malicious social media account.

These scams differ greatly, but they all have one thing in common. Scammers hope you will scan the code right away, without taking a closer look. QR codes often appear to come from legitimate sources, so make sure any correspondence is legitimate before you scan the code.

For example, one victim reported on BBB Scam Tracker that they received a fraudulent letter about student loan consolidation. It contained a QR code that appeared to link to the official Studentaid.gov website. The QR code helped the program appear official, but unfortunately, they found that it was a fraudulent site from someone claiming to help them resolve student debt, which over time resulted in them losing $1,060.

In addition, BBB is finding that Bitcoin addresses are often being sent via QR codes. This is causing QR codes to become a common element in cryptocurrency scams. One consumer who was contacted by a "binary and forex trader" through Instagram about an investment opportunity said: "after I had paid the withdrawal fee through the Bitcoin machine and sent it to the QR code I was provided, I received another email saying I needed to pay a Cost of Transfer fee. This is when I figured out that something wasn't right."

Overall, BBB is finding that some scammers are now using QR codes in the same way they've used email and text-related phishing scams. The only difference is in the delivery of a message to you to lure you into providing your personal or financial information.

Visiting the wrong website could result in malware or spyware being installed on your device and tech-savvy fraudsters can use software to capture keystrokes or pictures of your device's screen in the hope of snagging passwords, account numbers, Social Security numbers, or other sensitive information.

Here are some tips from your BBB to help you avoid QR code scams:

* If someone you know sends you a QR code, also confirm before scanning it. Whether you receive a text message from a friend or a message on social media from your workmate, contact that person directly before you scan the QR code to make sure their account hasn't been hacked.

* Don't open links from strangers. If you receive an unsolicited message from a stranger, don't scan the QR code, even if they promise you exciting gifts or investment opportunities.

* Verify the source. If a QR code appears to come from a reputable source, it's wise to double check. If the correspondence appears to come from a government agency, call or visit their official website to confirm.

* Be wary of short links. If a URL-shortened link appears when you scan a QR code, understand that you can't know where the code is directing you. It could be hiding a malicious URL.

* Watch out for advertising materials that have been tampered with. Some scammers attempt to mislead consumers by altering legitimate business ads by placing stickers or the QR code. Keep an eye out for signs of tampering.

* Install a QR scanner with added security. Some antivirus companies have QR scanner apps that check the safety of a scanned link before you open it. They can identify phishing scams, forced app downloads, and other dangerous links.

If you've been the victim of a QR scam, we encourage you to report it at BBB.org/ScamTracker. Your report can help educate and protect your fellow consumers.

For more tips or to search for trustworthy companies with BBB, please visit us at BBB.org. Our team is also available at 423-266-6144.

Michele Mason is president of the Better Business Bureau in Chattanooga. Read more about her work at the BBB in the August issue of Edge at www.timesfreepress.com/news.edge

ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT