Contact Us

QR Code Scams: A Growing Threat

January 13, 2025
by Scott Sykes, CISO While QR codes offer convenience, they also present new avenues for cybercriminals. Malicious actors exploit these codes through various tactics: Mitigating QR Code Scams: Before scanning a QR code, exercise caution. Scrutinize the physical location and appearance of the code itself. Always carefully examine the displayed URL before proceeding. Decisively decline […]

by Scott Sykes, CISO

While QR codes offer convenience, they also present new avenues for cybercriminals. Malicious actors exploit these codes through various tactics:

  • Overlaying QR Codes: Replacing legitimate QR codes with malicious ones in public spaces, redirecting users to phishing sites or fraudulent payment systems.
    • In a recent case in California, criminals stuck a fake QR code over the meters real QR code. Users scanned it, went to the fraudulent site, and entered their payment information, thinking they were paying for parking.
  • Phishing Emails: Embedding malicious QR codes in phishing emails to bypass traditional URL-based security measures.
  • Premium Service Subscriptions: Enticing users to scan QR codes that subscribe them to unwanted premium services.
  • Cryptocurrency Scams: Utilizing QR codes to download counterfeit wallets, steal cryptocurrency funds, or authorize unauthorized transactions.
  • Malware Delivery: Employing QR codes to distribute malicious applications that steal data or compromise devices.

Mitigating QR Code Scams:

  • Scrutinize QR Code Sources: Avoid scanning codes from unsolicited emails, text messages, or unknown sources.
  • Verify the Destination URL: If possible, check the destination URL before interacting with the QR code.
    • When scanning a QR code, your smartphone's camera will instantly present a confirmation prompt displaying the intended URL. Prior to accessing the linked website, it is imperative to thoroughly examine the URL for any signs of malicious activity. Verify the website's SSL certificate for added security assurance.
  • Utilize Reputable QR Code Scanners: Employ built-in camera apps or dedicated security-focused scanners for enhanced protection.
  • Maintain Strong Device Security: Ensure your device has up-to-date security software, a robust password, and a reliable antivirus solution.
  • Be Wary of Unexpected Requests: Be cautious of granting excessive permissions to applications, especially those related to accessibility.

Before scanning a QR code, exercise caution. Scrutinize the physical location and appearance of the code itself. Always carefully examine the displayed URL before proceeding. Decisively decline any requests for payment or personal information.

Sign up for news + updates

Expert insights and regulatory updates on RegTech, compliance management, and fair lending.

Recommended Resources
Propelâ„¢ by Asurity - Case Study: Proprietary LOS Integration

Find out why a top-ten mortgage lender with a proprietary loan origination system (LOS) needed to convert from a legacy document platform.

Goals Module Overview

Learn more about the Goals Module and its key monitoring and reporting features.
Reg+Tech Magazine Volume 2 Issue 1

Learn about the changes of state consumer protection and the responsibility of financial services institutions to pursue operational excellence and a culture of compliance.

chevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram