Modern technology is marvelous, making life simpler. Yet it sometimes comes with a price.
Businesses use QR codes to make access to websites or information readily available. Unfortunately, cybercriminals also use the technology to gain access to personal data or money.
You probably know how the QR codes work. Using your smartphone camera to scan and read a code, you gain contactless access to a website. But, in return, the party with the code gains access to your phone. That’s not a problem for a legitimate business.
But the FBI is now warning about a national uptick in “quishing” – the term that refers to fraud using QR codes.
Here are a few recent examples of QR code scams from cybernews.com:
- In Atlanta, a series of fake parking tickets were slapped onto windshields. The tickets included a QR code to pay the fine online or by phone. But instead of paying a legitimate fine, the money goes to cybercriminals.
- In Texas, fake QR codes have been placed by parking meters, prompting people to scan the codes to pay fraudsters instead of a legitimate entity.
“Businesses and individuals also use QR codes to facilitate payment,” said the FBI in a public service announcement. “A business provides customers with a QR code directing them to a site where they can complete a payment transaction. However, a cybercriminal can replace the intended code with a tampered QR code and redirect the sender’s payment for cybercriminal use.”
QR code scams can go beyond taking a deceptive payment. QR codes can ask for personal information, just like a normal business, or even bank account information that can lead to even bigger problems for those victimized.
At Regions, we’ve yet to see a major outbreak of quishing impacting our customers. But we still want everyone to be aware of potential fraud schemes.
“As with all other fraud schemes, we encourage clients to be cautious and vigilant when it comes to protecting their money and personal information,” said Jeff Taylor, head of commercial fraud forensics for Regions Bank. “The one time you let your guard down may unfortunately lead to you or your business becoming a victim.”
8 tips from the FBI to avoid becoming a victim of QR code scams:
- Once you scan a QR code, check the URL to make sure it is the intended site and looks authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
- Practice caution when entering login, personal or financial information from a site navigated to from a QR code.
- If scanning a physical QR code, ensure the code has not been tampered with, such as with a sticker placed on top of the original code.
- Do not download an app from a QR code. Use your phone’s app store for a safer download.
- If you receive an email from a company you recently made a purchase with stating a payment failed and the company states you can only complete the payment through a QR code, call the company to verify. Locate the company’s phone number through a trusted site rather than a number provided in the email.
- Do not download a QR code scanner app. This increases your risk of downloading malware onto your device. Most phones have a built-in scanner through the camera app.
- If you receive a QR code that you believe to be from someone you know, reach out to them through a known number or address to verify that the code is from them.
- Avoid making payments through a site navigated to from a QR code. Instead, manually enter a known and trusted URL to complete the payment.
The information presented is general in nature and should not be considered, legal, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/STOPFRAUD or speak with your Banker for further information on how you can help prevent fraud.