CORPUS CHRISTI, Texas — In an effort to minimize physical contact at businesses across the nation in response to the COVID-19 pandemic, many companies have turned to QR codes to guide customers to their apps, menus, events or package tracking services.
However, BBB Scam Tracker is receiving reports of con artists who are using QR codes as a disguise to direct victims to malicious websites, prompting the user to input personal information or login credentials for the scammers to steal.
"The scam takes advantage of consumers by sending a QR code through an email, direct message on social media, text message, flyer or other marketing material that appears legitimate," said Katie Galan of the Better Business Bureau. "After scanning the code with your phone’s camera, it may direct you to a phishing website and request the user to provide basic information to access content."
Other times, con artists use QR codes to automatically launch payment apps or follow a malicious social media account, Galan said.
In many cases, scammers who are sending fraudulent letters or emails include the official QR code of the organization or entity they are claiming to represent to appear more credible. One victim reported this tactic to BBB Scam Tracker when they received a fraudulent letter regarding student loan consolidation.
Galan does say there are ways for Texans to avoid QR Scams include:
- Confirm QR code before scanning. If you receive a QR code from a friend via text or a message on social media from a workmate, be sure to confirm with that person they meant to send you the code to verify they have not been hacked.
- Do not open links from strangers. If you receive an unsolicited message from a stranger that includes a QR code, BBB strongly recommends against scanning it. If the message along with the code promises exciting gifts or investment opportunities, exercise extreme caution if you decide to interact with it.
- Verify the source. If a QR code appears to come from a reputable source, it is wise to double-check with the business or entity to verify its authenticity. Call or visit their official website to confirm it is legitimate and that the source of the communication is a part of the organization.
- Be wary of short links. If a shortened URL appears when scanning a QR code, there is no way of knowing where the code will direct you once the link is followed. It may be a guise for a malicious website.
- Check for tampering. Some scammers attempt to mislead consumers by altering legitimate business ads or by placing sticks on the QR code. Keep an eye out for signs of tampering and, if discovered, inform the business or entity to ensure the posted QR code is genuine.
- Install a QR scanner with added security. Some antivirus companies have QR scanner apps that check the safety of a scanned linked before it is opened. These apps can assist in identifying phishing websites, forced app downloads and other dangerous links.
To learn more about protecting your information online, read the BBB's tips on data privacy and cyber security. Go to BBB.org/ScamTracker.