QR codes have become increasingly popular since the COVID-19 pandemic, which proliferated their usage in the form of paperless menus or bills.
But with the convenience and efficiency of the scannable codes comes a threat: they also make patrons easily scammable.
As Check Point cybersecurity experts report a 587% increase in QR phishing, or “quishing,” the Federal Trade Commission also has issued a warning to consumers who may be putting their personal information at risk.
Cybercriminals may cover up legitimate QR codes — also known as “quick response” codes that are traditionally found as a jumble of white and black pixels that direct scanners to a website — with their own that send scanners to phony sites that then steal personal information or install malware.
The bogus codes can be found in public places, like parking meters, or can be sent via texts or emails claiming there was suspicious activity on an account or an issue delivering a package.
“They want you to scan the QR code and open the URL without thinking about it,” the FTC warned in a blog post on Wednesday.
To protect yourself, the FTC advised to inspect URLs before opening them to make sure they aren’t spoofed with misspellings or swapped letters.
The agency also recommended not opening QR codes from unexpected communications — such as urgent messages that indicate an issue with an account — and keeping your phone up to date and activating two-factor authentication.
A September blog post from the Federal Bureau of Investigation also implored consumers to be skeptical and “suspicious” of QR codes that, after scanning, request login information, and further cautioned against scanning codes that appear to be “tampered with.”