QR Code Security Tips
A QR code is a type of bar code that can be used to provide easy access to online information, such as websites, menus, contact information, directions, and more. To use them, all you need to do use open the camera on your smart device to scan the code, but as with most technology today you need to be careful.
QR codes can be used to link to malicious sites, so treat them with the same security approach you would give to a link you received in an phishing or spam message.
Types of QR Scams
-
Email Scams- Scammers often send phishing emails that contain QR codes. This technique is known as “quishing.” These emails will pose as a credible company and ask you to scan the QR code in their email.
-
Payment Scams- QR codes can be used for contactless payments by legitimate businesses. Using QR codes for payments was extremely popular during the height of the COVID-19 pandemic since it allowed customers to make purchases without touching card readers, minimizing the spread of germs. However, scammers can place QR codes in public places to steal your money or credit card information.
-
Package Scams- If you ever receive a suspicious package in the mail with a QR code, don’t scan it. In this type of QR code scam, criminals will send you a package in the mail that you never ordered. There’s a QR code inside the package (or on the box) that you can scan to get more information about the order or to return your order. The QR code will take you to website that prompts you to enter your personal information, like your credit card number.
-
Cryptocurrency Scams- QR codes are often used for crypto transactions. However, criminals can use QR codes to steal cryptocurrency from victims. They may contact you offering a “giveaway” that says you can get double the crypto if you send them crypto first. However, you’ll never get any crypto back. Scammers may also invite you in on an “investment” and ask you to send them crypto. These scammers run away with your crypto and you’ll likely never hear from them again.
-
Donation Scams- Scammers may impersonate a charity or create a fake charity to steal your money or credit card information. They may place QR codes on flyers or send them to you through text or email asking you donate money to a cause.
Slow Down
QR codes that may seem like they have been sent by a co-worker, friend, or even family member can present risks as there is always a chance that the sender's account has been hacked. Always ask yourself: Do I trust that it is safe?
-
Look at the URL. When you point your phone’s camera at a QR code, you get a preview of the URL. If it’s a short link or something unrecognizable, proceed with caution as you would with any link. Make sure it’s going to take you where you expect to go.
-
Check the URL in the browser after you tap. It may have said it was taking you to the restaurant’s website then took you to a clever phishing site copy of it. Always confirm that the URL is correct.
-
Don’t log in after a QR code tap. There are going to be times where you will need to, but be very cautious about it. In fact, be wary of giving any personal information to a site you reached through a QR code.
-
Don’t download apps from a QR code. A common scam is to promote fun new apps on a QR code, and the fun part is when it installs malware and steals your personal information. It’s fun for the attacker. Not for you.
-
Be careful about paying. Don’t make payments through a QR codes. Always use the native app or visit the official domain and log in there.
For more information visit villanova.edu/ITSecurity
Questions or concerns? Contact the UNIT Help Desk at support@villanova.edu
#BeCyberSmart