QR Code Phishing Scams: How It Works and How to Prevent It

Have you ever wondered if anything could go wrong after scanning a QR code? While it might seem like a fun way to get information, researchers warn about QR code phishing or QRishing scams, phishing attacks targeted at QR code users. Same as in email phishing scams, cybercriminals behind such attacks might try to redirect users to malicious web pages or trick them into paying for products and services. If you have not heard about QRishing scams before, we invite you to read our full blog post, in which we discuss not only how QR code phishing scams work but also how you can protect yourself against them. If you have any questions after reading our article, feel free to leave us a message in the comments section.

QR or Quick Response codes can be seen anywhere, for example, on product packaging, magazines, posters, tickets, and so on. Such codes can provide quick access to various websites, payment systems, and more. Their popularity increased with the appearance of mobile apps that could scan QR codes. Nowadays, many Android and iOS camera apps can read such codes without the use of third-party tools. Therefore, the ways to use QR codes keep expanding. The problem is that cybercriminals know about the increased QR code popularity and are trying to take advantage of it by creating phishing attacks that cybersecurity specialists know as QRishing scams.

How do QR code phishing scams work?

According to the authors of The Susceptibility of Smartphone Users to QR Code Phishing Attacks, many users scan QR codes out of curiosity. Also, some users do it for fun or to get useful information. No doubt, such reasons are perfect for phishing orQRishing scams as such attacks often rely on users’ curiosity. The research also revealed that most respondents scan QR codes with their mobile devices.

Specialists say that the problem with mobile devices is that their browsing applications are not as safe as desktop browsers that, for example, alert a user before redirecting him to a malicious site if it is found on the browser’s blacklist. Another thing that makes using QR codes so dangerous is that QR code scams are not as researched as other types of phishing, which is why there is so little done to prevent QRishing.

Hackers are well aware of the fact that many users see interaction with QR codes as a harmless way to have some fun or pass the time. All that is left to do is place QR codes that would lead to malicious websites somewhere where they would be easily seen. For example, the attackers could print phishing QR codes on stickers and place them on bus stops, restaurant windows, or any other places where a lot of people could easily see them.

Also, specialists say that attackers can replace QR codes of reputable companies by placing a sticker on top of their posters or by replacing entire posters or brochures with their own reprints. This kind of QR code phishing scams is the most dangerous because if a user thinks that the code comes from a reputable company, he might scan it without thinking twice and trust the information displayed on the malicious site that the fake QR code could redirect him to.

A similar kind of QRishing uses names of well-known brands, for example, Amazon, to tempt users to interact with the malicious QR codes. For instance, the attackers could distribute ads offering discounts on Amazon to those who scan provided QR codes. This type of scam relies not on curiosity or need to get useful information but on users’ need to save money.

Depending on what attackers seek, the malicious websites that users might get redirected to after scanning harmful QR codes might ask to provide sensitive information, make a payment, or even install malware. Thus, we highly recommend taking such attacks seriously if you do not want to be a victim of identity theft, lose money to scammers, or get your device infected.

How to prevent QR code phishing scams?

If you do not want to become a victim of QRishing scams, specialists advise taking a few extra precautions. First, it is advisable to inspect QR codes carefully before scanning them. What you should do is check if it is not a sticker that might have been placed on top of a genuine QR code. Next, specialists advise checking the URL address that you should see after scanning a QR code. If it is shortened and you cannot see the full address, it is recommendable not to open it. As you see, hackers often use shortened URLs so that victims could not see where they would be redirected to.

Moreover, you should always make sure that a website starts with https:// after entering it and that your browser does not show a crossed over lock in the address bar, which could signal that something is wrong. In which case, we advise not to provide any sensitive information or make payments. Of course, if you do not want to take any chances, you should avoid using QR codes entirely. It might take more time to get some information or access a website without using them, but it is worth doing so if you value your safety above all things.

Furthermore, cybersecurity experts advise using antimalware software not only on computers but also mobile phones. Such tools are always improving, and they might be able to offer more protection against QR code phishing scams in the future. Also, it is always a good idea to use a password manager like Cyclonis Password Manager that could help you replace your login credentials at once if you reveal them to hackers accidentally or if they get leaked in a different way.

To conclude, scanning QR codes might be a fun or an easy way to access a website or make a payment. However, if you have an option to do those things without using a QR code, it is highly advisable to use those other options. As explained earlier, there is still not enough information about QR code weaknesses as well as ways they could be employed for malicious purposes. Meaning, specialists cannot tell you how to fully protect yourself against hackers that are employing QR codes yet. Thus, we advise using QR codes as less as possible and keeping up with the latest cybersecurity news to keep learning about the latest QRishing scams and attacks alike.

By Foley
July 3, 2020
Computer Security
July 3, 2020
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

News, Password Security, Tips

How Slack Phishing Works to Harvest Personal Data and how to Prevent It

The sad reality of 2019 is that phishing is no longer just an email security problem. For a while now it has been a communication security problem—and statistics indicate that said problem is growing. In spite of... Read more

September 2, 2019
How To

How to Set up and Use Microsoft Authenticator Qr Code

Microsoft Authenticator is an account verification app that lets you sign in to your Microsoft account with greater security while being very easy to use. These days we have to juggle so many different passwords for... Read more

August 27, 2019
Phishing

How to Recognize and Prevent Common LinkedIn Phishing Emails

Recently, we've been getting news of new LinkedIn-related phishing attacks. According to the news, the hackers use an array of assorted schemes in order to pressure their targets into visiting web pages laced with... Read more

June 20, 2019
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.