The Better Business Bureau is again warning consumers of scammers exploiting the popularity of QR codes to defraud users across the US. According to reports filed with both police and consumer-oriented organization, fraudsters use QR codes to scam unsuspecting victims by directing them to phishing websites or downloading malicious software onto their devices.
Although attacks leveraging fraudulent QR codes vary in nature, the BBB says that most are delivered via unsolicited communications or that victims find them posted in a publicly accessible location.
Here are the top four QR scams reported by the agency in its most recent consumer alert:
1. Fraudsters us QR codes in crypto and romance scams
The BBB says romance scammers build false relationships with victims and trick them into investing in crypto.
“Believing that the scammer is in dire need or has their best interest in mind, the victim follows the provided QR code and transfers the requested amount to the scammer’s digital wallet,” the BBB explains. “Many victims lose thousands of dollars before they discover they are being scammed.”
2. Phony QR codes and parking meters
In recent months, scammers have been placing malicious QR code stickers around parking meters to divert drivers trying to make payments to official platforms.
“After paying for the spot through the QR code, some victims return to find their vehicle has been towed or received a parking ticket for non-payment, multiplying the amount of money lost,“ the BBB said.
3. QR codes in traditional phishing scams
Fraudsters also design QR codes and deliver them via unsolicited correspondence in emails or texts to direct users to phishing websites or malicious downloads that deliver spyware and credential-stealing Trojans onto users’ devices.
“Many phishing attempts begin with a notification of ‘suspicious activity' on one of their online accounts and include a link or QR code for the user to verify their identity.”
“After scanning a code found in an email, text, or on a flyer, some victims are directed to a website that requests personal information that can lead to identity theft, compromised passwords for online accounts, or downloads that track the user’s activity on the device.”
4. Utility and government impostors
Other consumer reports reveal scammers posing as agents from the IRS or the Social Security Administration regarding an outstanding debt that the prospective victim must pay immediately or risk going to jail or having their utilities shut down. The impostor says the regular payment platform is currently offline and urges the victim to pay by scanning a bogus QR code.
“The payment portal the victim is directed to often mimics the real portal down to the finest detail, providing a false sense of security that it is legitimate,” the BBB said.
Users are advised to pay close attention to QR codes or links they receive via unsolicited correspondence. Always check the information in the message by vising the official website or platform from your browser. Never rush to scan QR codes you receive or find in public areas.
Use a Bitdefender security solution to help you thwart phishing and fraudulent links you unwittingly access online.