Fake QR Code

Can scanning QR code be dangerous

In most cases, it’s perfectly safe to scan a QR code. However, if you come across a fake QR code, scanning it might put your device at risk. Scammers might set up links to dangerous websites where they can take your personal information or install malware on your device.

A QR code scam will usually direct you to an unexpected website. Once you’re there, one of the following things might happen:

• You’re encouraged to enter your personal details, allowing scammers to steal them.
• Malware is installed on your device. This might be tracking software that allows scammers to access your banking information.

However, you shouldn’t let this put you off scanning all QR codes.

If you’re worried about QR code fraud, make sure that your devices are protected. Avoid jailbreaking your phone because this can leave it more vulnerable to security breaches. Jailbreaking can bypass Apple’s security checks for apps and downloads and potentially give scammers access to your device.  

Clario Anti Spy’s Device System Check checks to see if your phone is jailbroken, ensuring no one has unauthorized access.

How to use Clario Anti Spy’s Device System Check:

1. Download Clario Anti Spy from the App Store or Google Play.
2. Get a subscription and set up your account.
3. In the app, click Scan under Device System Check.
4. Clario Anti Spy will let you know whether your device has been jailbroken and guide you on how to remove any vulnerabilities on your phone. If there are any security updates available, it’ll prompt you to install them, allowing you to take action to keep your phone safe.

What is fake QR code

A fake QR code works just like a regular QR code and instructs your device to do something—usually taking you to a website. However, it won’t help you order from a menu, view a business card, or visit a legitimate site. Instead, a fake QR code usually takes you to a malicious site.

Anyone can create a QR code using an online generator, so it’s easy for scammers to set up QR code fraud.

What is a QR code? If you’re totally unfamiliar with QR codes, you’re probably feeling a bit lost reading this article! Check out our information on QR codes and how to use them.

How to identify fake QR code

But how can you avoid falling for QR code attacks? Luckily, there are a few ways to identify a fake QR code.

How to identify a fake QR code:

1. Look at the URL—is it what you would expect?
2. Check the branding—does it match the organization’s style?
3. Investigate the destination page—is this the correct site?
4. Check the QR code source—would you expect to see a QR code here?
5. Look for evident QR code tampering—has someone changed it?

1. Examine QR code URL

When you scan the QR code, where does it take you? You’d expect to be taken to the organization’s website if you scan a legit QR code on an advert. If it doesn’t immediately link there, this could be a sign of a QR code scam.

Trusted secure sites should have URLs beginning with https. You may also see a padlock symbol in your browser’s address bar.

Remember, you can usually preview the destination URL in your QR code scanner before you access it—if it seems suspicious, don’t click on it.

2. Inspect QR code branding

Does the QR code look very generic? If it’s from a legitimate large company, it will often include some of its branding, such as colors or logos. If you don’t see that, it might be a fake QR code.

3. Investigate destination page

Does the website seem trustworthy? Make sure that it’s not a fake trying to look like a legitimate organization’s website. Is it asking for unexpected payments, or are there other warning signs?

4. Check QR code source

Where did you see the QR code? Do you know why you need to scan it?

If you’re in a restaurant and see a QR code on a menu, it makes sense to scan it—it’s in an expected place, and you know what will happen. However, if you’re walking down the street and see a QR code sticker on a wall or receive it in an unsolicited email, it’s more of a risk.

5. Look for evident QR code tampering

Has someone tampered with a legitimate QR code? Is there a sticker over the original, or has someone edited it somehow? These could be signs of QR code fraud.

Fake QR code types

You might see a variety of different QR code scams.

Fake QR code types include:

1. QR codes on unexpected packages
2. Fake QR codes on parking meters
3. QR codes sent via email (often posing as surveys, sweepstakes, or coupons)
4. Fake QR codes in restaurants
5. QR codes on social media
6. Malicious QR codes in cryptocurrency
7. Fake QR scanning apps that install malware

1. QR codes on unforeseen packages

Scammers might send unexpected packages or mail. They might include a QR code where you can find out more, or contact them to return it.

But scanning the QR code won’t take you to a genuine website—even if it’s designed to look like an online retailer. Instead, the site will steal your details.

2. Fraudulent QR codes on parking meter payments

Parking meters are a common place for QR code scams. They’ve been seen in the UK and the US particularly.

Scammers place fake QR code stickers on parking meters. When people scan the code, they’re taken to a malicious website—but it looks like a genuine payment site. So, victims enter their details, and the scammers have access to their payment information.

Protect yourself from QR code scams when parking by paying with cash if possible, or downloading a parking payment app from the App Store.

3. Fake QR codes sent via email (surveys, sweepstakes, coupons)

Many of the most common phishing scams happen over email.

The email might say that you need to scan a QR code to receive a refund or coupon, take a survey, or enter a competition. But instead, the code might take you to a malicious website or download malware to your device.  

4. Fake QR codes in restaurants

Scammers know that you expect to see QR codes in restaurants, so they’re a common target for QR code fraud.

Protect yourself from QR code scams in restaurants by asking the server if you can pay directly with your credit card or cash.

5. QR codes sent on social media

Some scammers hack people’s social media accounts and send messages saying things like: “Look at this great deal I found!” Because the message comes from someone who looks like a friend, you’re more likely to trust it—but if it’s a fake, it might take you to a malicious website or even allow the hacker to access your account.

6. Malicious QR codes in cryptocurrency

There are a few QR code scams that involve cryptocurrency:

• Fake investment opportunities, where a QR code directs you to a malicious website to “invest” your money. You won’t get the money back, and the scammers now have your payment details.
• Fake payment sites, where a scammer says you need to pay a fine or give someone money, but only using cryptocurrency. The code will direct you to a malicious website where they can take your money and harvest your banking details.

7. Fake QR code scanner programs that download malware

Some QR code fraud comes from the scanner. Fake scanners might download malware to your phone.

You probably don’t need to download a QR code scanner—most phone cameras are capable of scanning QR codes. Avoid downloading scanner apps that might make your device vulnerable to malware.

How to avoid QR code scams

Of course, it’s not always possible to avoid all scams. However, you can reduce your chances of falling victim to QR code fraud.

You can reduce the risk of falling for a QR code scam by learning the warning signs, keeping your device up to date, using a QR code secure scanner, and not sharing your personal information.

1. Do your research before you scan

Learn the warning signs of fake QR codes, and remember the most common types of QR code fraud. If you see something that looks suspicious, avoid it.

It’s also a good idea to read up on other types of online scams, to stay vigilant and reduce your chances of losing money.

2. Take your devices up to date

Keeping your devices up to date is always a good idea—new iOS or Android updates often include crucial new security features.

When your phone, tablet, or computer lets you know that there’s a new update available, don’t put it off—install it as soon as you can.

3. Use good QR code generator

If you need to generate your own QR codes, research the generator you’re using. Some websites or apps might make it easier for scammers to edit your QR code.

4. Use only secure QR code scanner

Some third-party QR scanners might install malware on your device. Avoid installing unknown apps—use your phone’s camera to scan QR codes where possible.

5. Do not share personal information

When you scan a QR code, avoid entering personal information unless you’re sure it’s legit. If you need to make a payment and a QR code is the suggested method, ask if you can pay directly or visit an official website or app.

What to do if you scan a fake QR code

Unfortunately, even if you’re taking precautions, sometimes you might end up scanning a fake QR code.

If you’ve scanned a fake QR code, you should:

• Stop entering details as soon as you realize.
• Change your passwords.
• Monitor bank transactions.
• Contact your bank to let them know you’ve been a victim of fraud, especially if you’ve lost money.
• Look out for suspicious emails or other signs of identity theft.
• Scan your device for malware.

Conclusion

QR codes are everywhere these days, and scammers can take advantage of it. We should all learn the warning signs of QR code scams and how to avoid them.

However, if you do scan a fake QR code, make sure you secure your device. Clario Anti Spy’s Device System Check alerts you if your system has been compromised.