Quick Response (QR) codes are back in the spotlight after making a resurgence during the COVID‑19 pandemic. It seems like everywhere we look these days there’s a square barcode for us to scan with our smartphones. Whether the code provides quick access to a website, restaurant menu, or direct payment, hackers have caught on to the convenient technology.
How QR code scams work
According to the Federal Bureau of Investigation (FBI), hackers are tampering with both digital and physical QR codes, replacing legitimate codes with malicious ones. Hackers are using these fraudulent QR codes on stickers, junk mail, online ads, and phishing emails in hopes of catching people off guard.
Oftentimes, the fraudulent QR codes will mimic those used by businesses that facilitate payments through QR codes. Once scanned, the code will direct the person to a website that prompts them to enter login and financial information, giving hackers access to that bank account. Fraudulent QR codes may also contain embedded malware that allows hackers to access a person’s smartphone to steal personal information, without having the person enter any login credentials.
Tips to protect yourself
- Preview the code’s URL as you scan it to make sure it’s the intended site. A malicious URL may be similar to the intended URL but will include typos or a misplaced letter.
- Don’t download an app from a QR code. Use your phone’s app store for a safer download.
- Refrain from scanning a QR code received by email or junk mail.
- Avoid making payments through a QR code, instead, manually enter the trusted URL to complete payment.
If you’re a Merrimack customer and are concerned your personal or financial information was compromised, please call us directly at 603.225.2793 so we can assist with protecting your accounts and identity.