
Scammers Are Hiding Traps in QR Codes: How to Scan Safely
Criminals are using fake QR codes to steal passwords and payment info. Learn how to spot these traps before you scan.
Source
ZDNet Security
Original headline: Is that QR code a trap? How to spot quishing scams before it's too late
Plain-English summary by GetCyberRight. Read the full report at the source above.
Scammers have found a new trick using QR codes. When you scan a malicious QR code with your phone, it can take you to a fake website designed to steal your passwords, credit card numbers, or personal information. This scam is called quishing, which combines QR code and phishing.
Anyone who scans QR codes is potentially at risk. You might encounter these fake codes on restaurant tables, parking meters, flyers, or even in emails. The fake QR code looks identical to a real one, so you cannot tell by looking at it. Once scanned, it might take you to a website that looks like your bank, a payment app, or a login page, but it's actually a trap designed to capture whatever you type.
Before scanning any QR code, take these precautions. First, look at where the QR code is located. Is it a sticker that could have been placed over a real code? Check if it looks tampered with. Second, after scanning, look carefully at the web address that appears before you tap to open it.
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
Does it match the legitimate website? Look for misspellings or strange characters. Third, never enter passwords or payment information on a site you reached through a QR code unless you are absolutely certain it's legitimate. When in doubt, type the website address directly into your browser instead.
Get in the habit of treating QR codes like links in emails. Just because you can scan it doesn't mean you should. Teach your kids this same caution, since they often scan codes without thinking. For payments or logging into accounts, it's always safer to open the official app on your phone or type the web address yourself rather than following a QR code from an unknown source.
Curated from trusted cybersecurity sources by GetCyberRight
Source: ZDNet SecurityStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles
US Sanctions VPN Service That Helped Criminals Attack Hospitals and Schools
The US government sanctioned a VPN provider for helping ransomware gangs hide attacks on critical infrastructure. Here's what families need to know.
4 min readCriminal VPN Service Sanctioned for Helping Ransomware Attacks
The US Treasury sanctioned a VPN provider used by ransomware gangs to attack hospitals, schools, and cities while hiding their identities.
4 min readJapan's Largest Taxi Operator Shuts Down After Cyberattack
Nihon Kotsu forced offline to contain breach, affecting thousands. What small businesses can learn from this infrastructure attack.
3 min readVoice Scammers Are Now Stealing Your Work App Access. Here's What to Do
A major hacking group is calling employees and tricking them into handing over access to work accounts. Microsoft says it's already targeting companies worldwide.
4 min read