Think Before You Scan – Scammers Can Use QR Codes to Steal Your Information

QR codes Can be easily manipulated by criminals, experts say

NBC Universal, Inc.

QR codes surged in popularity during the pandemic as a great contactless option for businesses, and now it seems they're here to stay.

But experts warn they can be easily manipulated by criminals and you shouldn’t let your guard down when it comes to using them.

STAY IN THE KNOW

icon

Watch NBC10 Boston news for free, 24/7, wherever you are.

icon

Get Boston local news, weather forecasts, lifestyle and entertainment stories to your inbox. Sign up for NBC Boston’s newsletters.

QR codes are easy to use--scan them with your smartphone camera to access a website or get more information about something.

Scammers can tamper with QR codes in order to steal your personal or financial information.  In some cases they paste a fake QR code over the real ones, or they may send you a QR code directly, via text or email, and say it’s linked to a free gift or coupon. There is a lot of information stored in your phone that you wouldn’t want criminals to get their hands on.

There are a number of things that can happen sometimes by just clicking on it,” said Steve Weisman, who runs the website www.scamicide.com.  “You can be downloading malware onto your phone, stealing information from you. Other times it actually will be able to access accounts of yours and take money out. I mean, it's pretty dangerous."

If you're going to use QR codes, Weisman said there are free apps that you can have and put on your phone that will recognize when it's a fake or not.  He recommended a free option by the company Kaspersky.

That app will warn you if dangers lie behind the QR code that you have scanned.

To protect yourself, you should avoid blindly scanning QR codes.  Always consider the source first, and if you can, inspect the code itself to see if it looks like it has been tampered with. And once you've scanned one, take a minute to look at the URL and make sure it at least seems legitimate before tapping the notification.

Contact Us