« Back to Blog

Avoid Scams: Tampered QR Codes

The words "Avoid Scams QR Codes" on a patterned background with the UMe Credit Union logo

The last couple of years had us seeking new ways for contactless methods of interacting. Enter QR Codes, which you can find nearly everywhere you look these days. From your favorite Burbank restaurants using them to access their menu to that viral Superbowl ad! QR Codes are super convenient – and don’t you feel kinda futuristic using one?

Of course, with new innovations, there are pesky cybercriminals who are looking for ways to trick people into sharing personal information, leaving their bank accounts vulnerable. Scams utilizing QR codes are on the rise (so much so that the FBI published an official statement!) – so we’re here to help U be aware and not get tricked!

Cybercriminals are definitely attuned to the newfound popularity of QR codes and they are no strangers to the convenience that QR codes provide. Many have been creating their own QR codes in order to trick innocent people into sharing their personal information including private financial information like bank details. This is often done by using the QR code to send people to a fake website that asks you to enter the information. The fake website could be something as simple as a way to electronically pay your parking meter, you think you’re paying just one dollar, but you’re actually giving them the keys to the kingdom when you enter your credit or debit card info, or your checking account number! So how can you protect yourself from QR code scams?

Look twice, think thrice! It can be easy to be tricked into scanning a fraudulent QR code, but sometimes all you have to do is look — does it look like it’s actually a legitimate part of what you’re scanning? Or does it look like a sticker placed on top of the real QR code?

Check out the website that the QR code led you to. All the latest smartphones will provide the website’s address as soon as U scan. Do you recognize the URL? If not, that is a red flag. Is it asking for unnecessary banking details? Another red flag.

Skip the scan. If you are having a hard time telling if a QR code is legitimate, then ask for a physical copy or look for a URL to enter in manually.

Remember to stay vigilant online. You might catch most of the scams coming your way, but it only takes one time for a cybercriminal to get your info, so it’s best to be aware!

Keep these helpful tips, provided by the FBI, in mind to stay safe from QR code scams:

  • Once you scan a QR code, check the URL to make sure it is the intended site and looks authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
  • Practice caution when entering login, personal, or financial information from a site navigated to from a QR code.
  • If scanning a physical QR code, ensure the code has not been tampered with, such as with a sticker placed on top of the original code.
  • Do not download an app from a QR code. Use your phone’s app store for a safer download.
  • If you receive an email stating a payment failed from a company you recently made a purchase with and the company states you can only complete the payment through a QR code, call the company to verify. Locate the company’s phone number through a trusted site rather than a number provided in the email.
  • Do not download a QR code scanner app. This increases your risk of downloading malware onto your device. Most phones have a built-in scanner through the camera app.
  • If you receive a QR code that you believe to be from someone you know, reach out to them through a known number or address to verify that the code is from them.
  • Avoid making payments through a site navigated to from a QR code. Instead, manually enter a known and trusted URL to complete the payment.

 

For more detail, learn more here:

 

If you believe you have been a victim of stolen funds from a tampered QR code, report the fraud to your local FBI field office:

 

The FBI also encourages victims to report fraudulent or suspicious activities to the FBI Internet Crime Complaint Center here:

 

 

Disclaimer: U matter to Me (all of us) at UMe — and that’s why we do our best to deliver helpful information on our blog. Please note the following: (1) UMe Credit Union works hard to make certain that the information we post here is as accurate as humanly possible. But as you know, information can change and evolve quickly. While we try to update the blog on a regular basis, the content of some older posts may not be correct or up-to-date. (2) Some destinations on the World Wide Web that we link you to will exist on external websites. UMe Credit Union does not officially endorse any connected sites, nor do/did we compensate or get compensated by any entities to be featured in our posts (unless otherwise noted). (3) Everyone’s situation is unique and we advise you to consult with our personal bankers or your finance, tax, or legal professional for advice individualized to you!