APP

woman scanning a qr code with her mobile phone
Scam Prevention
APP

Smart steps for sidestepping the latest QR code tricks

Summary Points

Article

QR codes are a popular way to offer access to information by scanning the now familiar black and white code with your mobile phone. But not all QR codes are safe to scan.

Scammers are taking advantage of the widespread use of QR codes to launch new versions of old scams.

How the scams work

Scammers have a few ways to try and trick you into scanning fraudulent QR codes:

  • Scammers will send phishing emails that contain fraudulent QR codes with seemingly legitimate requests. They may claim that "your payment didn’t go through and you need to provide your credit card information to this website by scanning this QR code." Or they might claim that your account will be closed and urge you to update your details by scanning a code. Scanning the code will lead you to a fake website or payment app designed to steal your information. Other times, scammers use a QR code to spread malware.
  • Scammers will post physical QR codes. In a typical scenario, a scammer will pose as a legitimate business and post a notice about a sale or offer. When you scan the code, you’re asked to enter sensitive personal or financial information, like a credit card, and that information is stolen.

Tips to avoid QR code scams

Here are some tips to spot and avoid fraudulent QR code scams:

  • Slow down. A QR code is a tool that encourages you to act quickly – QR stands for “quick response.” It works well for advertisers, but it’s important to take your time and assess if you need to scan the code, and whether the information being asked for is legitimate.
  • Preview the link. Many phones offer a preview of the URL for the website you’re trying to access. Make sure the URL seems legitimate and isn’t a trick.
  • Check for tampering. Avoid scanning a QR code if it looks like a sticker covering another QR code, e.g. an advertisement on the street. Scammers can print fraudulent codes on stickers and affix them to legitimate ads.
  • Contact the company. If you’re unsure about the legitimacy of the QR code, manually search for the website you need or call the company providing the QR code from a number you know is correct and confirm that the request is legitimate.

The Canadian Centre for Cyber Security has on how to protect your personal information when scanning QR codes.

If you think you’ve been scammed

Banks take extensive steps to protect your personal information entrusted to them and to help you protect it as well. If you think you’ve been the victim of a QR code scam and provided your financial information to a fraudster, contact your bank immediately. The APP publishes a regular Fraud Prevention Tip email newsletter. to learn about the latest frauds and scams.


Related Articles