QR Code Phishing Attacks

Scam of the Week: QR Code Phishing Attacks

QR codes have become a convenient tool for businesses, but cybercriminals are now using them as a way to deliver phishing attacks.

How the Scam Works Attackers send phishing emails or post QR codes in public places that, when scanned, lead users to fraudulent websites designed to steal credentials or install malware. Some scams involve replacing legitimate QR codes on printed materials, such as restaurant menus, posters, or payment terminals, tricking customers and employees into scanning them. Once on the fake site, users are prompted to enter login information or payment details, which the scammers then steal.

How to Protect Your Business

• Verify QR codes before scanning, especially in emails, public postings, or unexpected sources. If you receive a QR code in an email, confirm its legitimacy before scanning it.

• Use a QR code security tool that previews the destination URL before opening. Many mobile devices and security apps offer this feature.

• Train employees to be cautious and avoid scanning codes from unknown sources, especially those in public locations or unsolicited messages.

• Place security stickers or tamper-evident seals over QR codes on printed materials to prevent fraudsters from replacing them with malicious versions.

• Regularly inspect physical QR codes in your business environment to ensure they haven’t been altered.