Be on the Lookout for Fake QR Codes That Steal Your Personal Information
Fake QR Codes Can Expose Your Phone to Hackers. Here’s How to Protect It
QR codes are more popular than ever with businesses, as they offer a convenient and touchless way to share information. But bad actors can replace QR codes in public with their own, granting them access to your phone.
You’ve likely seen at least one QR code today. They’re found on product packaging, in restaurants, and at gas stations. They look like this:
QR stands for “quick response.” Scanning the code with your phone’s camera will typically open the phone’s browser and send you to a website, or even download an instant app, for tasks like renting an electric scooter or paying at a parking meter.
You’ll find QR codes at Mineta San Jose International Airport, too. With four lots, two garages, and 2,475 total spots, it’s easy to forget where you parked at SJC. But this airport QR code can help:
Visitors can scan the QR code when they park, and it saves their location for later. Keonnis Taylor, Public Information Manager for the airport, says you can trust SJC’s QR codes.
“We use a third-party manager to monitor and manage the QR code system there,” Taylor said.
But, as QR codes are popping up everywhere — for voter registration, touchless restaurant menus, and quick app access, cyber-security experts say we need to slow down.
“It’s just another way for a hacker to get to your device,” said Alex Mosher with phone security firm MobileIron.
Mountain View-based MobileIron just polled 2,100 phone users in the United States and United Kingdom. It found 40 percent had scanned a QR code in the past week, and 53 percent would like to see more QR codes. But, 71 percent admitted they couldn’t spot a malicious QR code.
“You don’t always know when you’re scanning a QR code if it’s taking you to a site that you can know and trust,” Mosher said. “A QR code that’s legitimate, and one that’s not, tend to look exactly the same.”
Mark Kraynak, a former tech executive who lives on the Peninsula, says he fell victim. He used a small business’ QR code as part of a contact-free equipment rental process.
“It asked for a credit card, and I thought maybe that was part of the payment, but it wasn’t,” Kraynak said.
A $40 charge from somewhere in Eastern Europe appeared, instead. Fortunately, his credit card company caught the con and reversed the bogus charge.
“I was like, ‘I can’t believe I did that,'” Kraynak told NBC Bay Area. “I register for alerts on all my accounts. I tell everyone around me to do the same.”
How is this happening? Mosher says typically, thieves are creating fraudulent QR codes that they just print and paste over a “real” one, and wait for you to scan. The malicious codes can take your credit card information, or even open your phone to hackers. So, you need to check for tampering before you scan.
“It is somewhat challenging to be able to identify that,” Mosher said. “You’re sort of just relying on your own luck to be assured that you’re scanning the right code.”
Back at SJC, there’s a low-tech backstop to ensure its QR codes are OK to use.
“We have staff in our terminals and on the buses even, who check the QR codes, to make sure that stickers haven’t been peeled off or altered, and that they have not been replaced,” Taylor said.
To protect your phone from potentially harmful, malicious QR codes, experts tell us you should avoid blindly scanning QR codes. Always consider the source. If you can, inspect the code itself, to see if anyone has tampered with it.
Mosher also recommends adding security software to your phone. It’s not a license to scan random codes, but it might help block attacks.
Finally, do what Kraynak did — set up alerts with your bank and credit cards. It’s another line of defense that can help protect you from a variety of scams and identity theft.
NOTICE: All persons depicted are presumed to be innocent unless proven to be guilty in a court of law. The fugitive.com and fugitivewatch.com notations appearing on this are TRADEMARKS and NOT an expression of fact or opinion.
AVISO: Todas las personas representadas son presumidas de ser inocente a menos que resultara culpable en un tribunal de justicia. Fugitive.com y fugitivewatch.com anotaciones que aparecen en este sitio son MARCAS REGISTRADAS y NO una expresión de hecho o de opinión.
COMMENT ADVISEMENT: We welcome your thoughts, but for the sake of all readers, please refrain from the use of obscenities, personal attacks or racial slurs. All comments are subject to our terms of service and may be removed. Repeat offenders may lose commenting privileges.
AVISO DE COMENTARIO: Damos la bienvenida a tus pensamientos, pero por el bien de todos los lectores, por favor abstenerse de la utilización de obscenidades, ataques personales o insultos racistas. Todos los comentarios están sujetos a nuestros términos y condiciones del servicio, y podrá ser retirado. Reincidentes pueden perder privilegios comentar.
Fugitive Watch was founded in 1992 by two San Jose police officers, Steve Ferdin and Scott Castruita. Fugitive Watch is a reality-based television show, newspaper and website, fugitive.com. We can also be found on social media such as Instagram, Facebook, and Twitter. The mission of Fugitive Watch is to make Your community safer by helping law enforcement fight crime. Fugitive Watch brings the community, local business, and law enforcement together to solve crimes, apprehend wanted fugitives and provide education and crime prevention information to the community.
Business and private sponsorship help Fugitive Watch empower the community to strike back at crime from the safety of their living rooms. Fugitive Watch has been credited by law enforcement with over several 1000 crimes solved or fugitives apprehended. Fugitive Watch also helps improve the safety of police officers by locating fugitives for law enforcement so they can more safely arrest them rather than unexpectedly running across them through extremely dangerous routine “chance encounters”. As law enforcement officers know all too well, These “chance encounters” have resulted in countless officer injuries and deaths.