QR codes, also known as Quick Response codes, are used to store links and other information that can be read by a smartphone camera. They are currently widely employed by restaurants and various retailers. According to Insider Intelligence, over 94 million consumers in the United States are expected to scan QR codes this year. However, the Federal Trade Commission (FTC) warns that scanning QR codes may expose you to the risk of identity theft, so caution is advised.
CBS News reports that this technology is utilized by retailers to gain a deeper understanding of customer behaviors, such as linking QR codes to store loyalty programs. However, U.S. government regulatory agencies caution that while they provide convenience for customers and assist businesses in their operations, they may also serve as secret tools for criminals to steal consumers’ personal information.
Identity theft can result in economic losses for victims as they often have limited recourse. According to a report by the Federal Trade Commission, thieves can use your personal information to steal from bank accounts, make unauthorized credit card charges, open new utility accounts, or even seek medical services under someone else’s health insurance plan.
In some instances, thieves might even use your name when being apprehended by law enforcement, further complicating matters. Signs of stolen identity include unexplained withdrawals from bank accounts or unauthorized credit card charges.
Fraudsters sometimes place their own QR codes in common locations like parking fee stations, concert venues, parking lots, public flyers, and bike share racks. As part of their scheme, they may overlay legitimate business entities’ QR codes to steal personal information. Other scammers send unsolicited QR codes through text messages or emails.
As part of such schemes, scammers often create a sense of urgency, for example, claiming that a package beyond your expectation cannot be delivered and immediate contact with customer service is necessary.
In a blog post, the Federal Trade Commission writes, “They want you to scan the QR code and open the URL without thinking twice.”
Malicious QR codes may sometimes redirect to fake websites mimicking legitimate ones. If logged into a deceptive site, scammers can steal any information provided by users. The Federal Trade Commission states that at other times, scanning a QR code itself might automatically install malicious software on your device.
Mike Scheumack, Chief Innovation Officer of identity theft protection company IdentityIQ, advises, “Only scan QR codes from sources you trust. Fraudulent QR codes can lead you to visit fake websites or install malicious software, all with the same goal – stealing your identity and money.”
Think twice before scanning a QR code. If the code appears in an unexpected location, verify it first. If a QR code contains a URL with spelling errors, it could be a sign of fraud.
Be wary of receiving unexpected QR codes. Even if a text or email from a company appears legitimate, contact the company directly by phone or online to verify.
Update your mobile software. Always install the latest version of your smartphone operating system and use strong passwords to protect your online accounts. Consider utilizing multi-factor authentication so that only you can access your personal accounts.