A Complicated Problem
Recently, at a Los Angeles rooftop establishment, a waiter with a mask and plastic face shield instructed the customers at the table to scan the intricate design on the table to access the menu. As businesses across the country re-open, they’re looking for ways to keep employees safe while reducing human contact. Enter the QR code.
The QR code redirects the patrons to the restaurant’s website where the menu was posted. It reduces the amount of physical things that have to be sanitized while also allowing each person a chance to browse at their own pace. It seems like a great idea.
QR codes are a great idea in our increasingly contactless world. Cybercriminals, however, are finding a way to exploit this new outlet. Of course they are.
The Scams
The scams aren’t foolproof. You have to be a willing participant. Scanning a code on the table of a restaurant is a low risk activity. It’s similar to using your chip card at a well known retailer, or allowing a trusted site to store your personal information. Our technology is here to make our lives easier.
While it may seem exhausting to have to keep an eye out for scams, just a little common sense can go a long way.
Scams include things that should seem a little off. Just like a phishing email, a QR scam has little idiosyncrasies that don’t quite line up.
Imagine you’re in a parking lot and a harmless looking lady approaches you. She only has cash and the machine where you pay only takes cards. She hands you a five dollar bill and asks that you scan the QR code she presents to pay for her ticket.
While it may seem like you’re helping out, there are several red flags here. The first is that she only has cash. We are living in an increasingly digital world where cash is actually becoming less normal. The second is that she wants you to scan a code rather than paying for her parking at the designated machine in the lot. The third is that she’s producing the code rather than directing you to a place where it’s publicly posted.
This is a documented scam that, unfortunately, people have fallen for in the past.
Don’t Become A Victim
While the idea of scanning a QR code may seem a little scary, don’t shy away from this new technology. You simply have to be more proactive in what you scan.
If the interaction feels a little off, abstain from it. Ask if there’s a more secure way for you to pay or enter personal information. If there isn’t, then you probably want to avoid the transaction.
Like unsolicited phone calls or emails, never give out personal or banking information to a QR linked site that didn’t originate from a verified source. The lady in the parking lot with the code may sound ridiculous, but people have already fallen for the ruse. When in doubt, just say no.
Use a QR reader with built in features. As these codes become more widely used, security on them will increase. There are some QR reader apps out there that have features built in to monitor malicious code. That can save you a headache or worse in the future.
Don’t just click “accept” on a QR scanned site. QR codes can install contacts, send emails, access bank information, add a preferred wifi network, and much more but you have to allow those permissions first. Make sure you’re reading what you’re agreeing to before actually saying “yes.”
Finally, you want to make sure you’re monitoring your bank, email, and social media accounts. If something looks a little fishy, shut it down. If you don’t know how to shut it down, a quick internet search can walk you through almost anything.
Final Thoughts
QR codes aren’t going away. They shouldn’t have to either. A little code on a table is a great way for us to access information quickly and safely, as long as we’re being proactive about what we let into our devices.
Keep an eye out, and, as always, stay safe out there.
Photo by Markus Winkler on Unsplash