Be careful when scanning QR codes, officials warn

Codes can be used to trick people into following malicious links, US FTC warns

Andrew Griffin
Monday 11 December 2023 11:03 EST
Comments
(AFP via Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

People should be careful when scanning QR codes, US officials have warned.

Attackers are using the now prevalent technology to hide links to malicious websites, according to the Federal Trade Commission. It warned that criminals are increasingly using them to steal personal information and conduct other cyber attacks.

QR codes have come to be in widespread use in recent years, as a way of providing a handy and unique link to a specific website or other service. Their usage surged especially during the pandemic, when they could be used to direct people to online menus without any contact, for instance.

That usefulness and widespread adoption has however made them appealing to scammers, the FTC said. The same technology that makes them a quick way of getting to a link has also allowed cyber attackers to use them to quickly send people to malicious websites.

Attackers might cover up a QR code on a parking meter with their own one, which sends people to a fake payments website, the FTC warned. Some might send them directly through email or text, with an excuse for why it needs to be scanned: claiming that you missed a a delivery or that there has been suspect behaviour on an online account, for instance.

Those links will usually take people to a spoofed website that looks real but isn’t. They might then harvest login or payment details to be used for cyber crime.

The FTC warned people that they should check any QR code they see in an unexpected place, and ensure that it really is taking them to the right website. It might include a URL that looks like the one it is spoofing but swaps a letter, for instance.

It also warned people not to scan QR codes from unexpected emails or texts, “especially if it urges you to act immediately”. If a message seems like it might not be legitimate, then contact the company through a known phone number or website, it advises.

And users should also generally ensure that their accounts and devices are secure. That includes updating any devices to the latest operating system and using strong passwords, for instance.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in