QR codes seem pretty innocuous until you scan a bad one and get something nasty on your system. If you want to keep your phone and your data safe, there are a few ways to identify a fake QR code.

Check If the QR Code Has Been Physically Altered

Companies use QR codes for all kinds of legitimate uses, from menus to paying parking meters. However, some tricksy scammers have learned they can apply a different QR code over the spot where the original one was. This new QR code typically leads to a fake website set up to steal information or download malware, and if you’re not careful, you can end up scanning one.

To ensure I’m not scanning a bad QR code, I always double-check the code itself. Scammers will sometimes stick their QR code over the original one, so if you see that someone has added a code on top of something, be cautious about it. However, there’s no guarantee that it’s a scam. For example, a restaurant may have put new QR codes over its existing ones for a new menu, but it’s worth taking care regardless.

Analyze the Context Surrounding the QR Code

If you’re looking at a QR code and wondering if it’s fake or not, try looking at the context around it. Sometimes, the “environment” the QR code is in can tip you off as to whether it’s a scam.

For instance, does the QR code seem out of place? Perhaps you receive an email that asks you to visit a website, but instead of supplying the URL, it asks you to scan a code. This may be a trick to get you to visit a website while hiding the URL. Or perhaps the email is very vague and doesn’t really tell you what you’re scanning—that’s also suspicious.

Similarly, if the QR code is part of an email or a leaflet, and something about the text “feels off,” that’s another red flag. For example, if the message asking you to scan a QR code matches some of the most common examples of phishing and fraud attacks, there’s a good chance the QR code isn’t going to take you anywhere good. That QR code on the bus stop? Or stuck to a shopping center wall? They’re likely to be scams.

Double-Check the Website the QR Code Leads To

Fortunately, a malicious QR code won’t instantly infect your phone and steal your data the second you scan it. You still have a chance to analyze where the code takes you and identify if it’s legitimate or not.

Some QR code scanners will show you the URL the code is trying to send you to. From here, you can use some of the common ways to identify a phishing website by analyzing the URL and looking for anything suspicious.

If the QR code claims to lead you to download an app, ensure it leads you to the real Google Play or Apple App Store. Scammers create fake websites that look like the real deal, but the app is actually laced with malware. If in doubt, take note of what app the QR code wants you to download, then open your app store of choice and manually grab it from there. That way, you know you’ve got the real deal instead of a fake.
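The URL check described in this section can be sketched in code. This is an added example, not part of the original article: the function name `inspect_qr_url` and the sample payloads are constructed for illustration, and the only hosts it accepts as stores are `play.google.com` and `apps.apple.com`.

```python
import ipaddress
from urllib.parse import urlsplit

# Official store hosts; exact match only, so look-alike names are rejected.
STORE_HOSTS = {"play.google.com": "Google Play", "apps.apple.com": "Apple App Store"}
STORE_WORDS = ("play.google", "apps.apple", "appstore", "googleplay")


def inspect_qr_url(payload: str) -> dict:
    """Report where a decoded QR payload really leads, with warnings."""
    warnings = []
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return {"host": "", "store": None, "warnings": ["malformed URL"]}

    if parts.scheme != "https":
        warnings.append(f"scheme is {parts.scheme or 'missing'!r}, not https")
    if not host:
        warnings.append("no hostname in payload")
    if parts.username is not None:
        # In https://play.google.com@evil.example/ the host is evil.example.
        warnings.append("text before '@' is not the destination host")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode hostname, may imitate another name")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain name")
    except ValueError:
        pass  # not an IP literal, which is the normal case

    store = STORE_HOSTS.get(host)
    if store is None and any(w in payload.lower() for w in STORE_WORDS):
        warnings.append("mentions an app store but the host is not the store")
    return {"host": host, "store": store, "warnings": warnings}


if __name__ == "__main__":
    # Constructed sample payloads, not taken from real QR codes.
    for sample in (
        "https://play.google.com/store/apps/details?id=com.example.app",
        "https://play.google.com@evil.example/store",
        "https://apps.apple.com.downloads.example/app",
        "http://192.0.2.10/app.apk",
    ):
        print(sample, "->", inspect_qr_url(sample))
```

An empty warning list only means the URL passed these structural checks; it does not prove the page behind it is safe.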

Use a Secure QR Code Scanner App

If you’re worried that you may accidentally visit a bad website or download a malicious app, you can try using a secure QR code scanner app. Unlike regular QR code scanners, these ones will check over what you’ve scanned and look for anything malicious. If it finds something wrong, it will warn you before you continue. For example, the Trend Micro QR code scanner will run a check on anything you scan to ensure it’s sending you to a good place.

While QR codes can be malicious, there are plenty of precautions you can take before you scan one. Check for tampering, consider the context surrounding the QR code, and double-check where it sends you before you enter any personal details or download any files to your phone.
