December 12, 2023

Avoid QR Phishing Scams This Holiday Season

According to cybersecurity provider Checkpoint, “quishing”—phishing in the form of QR codes—has seen a 587% increase this year. Through quishing, unsuspecting users are tricked into accessing malicious websites or downloading malware after scanning a seemingly innocuous QR code.

With this technique, hackers are then able to use these websites to steal personal information—a scam that’s on the rise this holiday season as consumers increase their spending online.

What Are QR Codes?

QR Codes are a type of matrix bar code with heavy use in advertising to consumers. 1994, Toyota Group engineer Masahiro Hara developed the Quick Response Code—QR Code—to keep things at Toyota running efficiently and accurately by allowing a larger amount of data to be stored within each QR Code instead of the individual bar codes they were using at the time. Today, QR Codes can be made freely and are used in a variety of functions, such as logging into Wi-Fi networks and sharing links.

How Can They Be Dangerous?

Cybercriminals have found a variety of ways to use QR Codes as a way into your phone—and compromise your personally identifiable information (PII). Since you cannot see the link you’re taking before you take it, QR Codes can be used to direct a user to an infected website or trigger a malicious download. This can be done by sending legitimate-looking phishing emails with a QR code inside or posting QR codes in places that make people curious.

Additionally, since phishing websites can use URLs that look similar to trusted websites—and mimic their layouts—they may also be taking your login information for the site they’re emulating. Once you visit the phishing site and log in, your credentials will be compromised, allowing cybercriminals to access your accounts and private information.

Although there has been some buzz around companies using QR codes to collect customer information, this type of information-gathering is regulated. But even though QR codes themselves don’t infringe on your privacy, third-party tracking may. Retailer websites could be sending your information to third-party companies, something that you may miss if you don’t read every website’s privacy policy.

How Do I Use QR Codes Safely?

To use QR Codes safely, we recommend taking the following precautions:

  • Never scan a QR code from an untrusted source. If you can’t verify with certainty where QR codes are coming from, then do not scan them.

  • Check to make sure the QR code you’re scanning is not altered in any way. Cybercriminals may place stickers over the original code from a trusted source in an attempt to piggybank off of someone else’s reputation and get to your data.

  • Turn on private browsing mode to cut down on tracking by third parties. Browsers like Firefox and Safari also have anti-tracking features.

  • Use QR scanners that display website URLs. Most QR scanners directly display the website after scanning the code. If you can see it before, it may prevent taking a malicious link.

  • Regularly update your device. By ensuring everything is up to date with software patches and third-party security applications, you can fortify your device’s security and help prevent your information from being stolen.