Cybersecurity month logo

BEWARE! Most Likely Scams!

What’s out there waiting for you?

That is the question we are about to answer. Whats out there waiting for you to click on, scan or open? Most cyber scams rely on one simple act. A non-thinking response to stimuli as a scientist would say. We do things everyday with our phones, tablets and computers before we can think about what could  happen. And that is what the cyber criminal is counting on. Here is a likely scam you will encounter and what to do about them.

 QR Code Scam

We have all seen them. They’re everywhere. “Scan here.” Well these little babies are one of the most likely ways a cyber criminal will get you. QR code scam are rampant and they easy to carry out and can be expensive if you get hit.

How does the scam work? Well, first of all you need to know that anyone, and I mean anyone, can create a QR code. If you don’t believe me try it here. And its almost impossible to know what website the code will direct you to. After that its about placing the code in the right place. These little babies can be printed on any sized sticker or document and placed wherever the cyber criminal wants to snag a victim. ANYWHERE!

Parking QR Scam

One of the most popular QR Code scams are the parking meter scam. This is where the cyber criminal replaces the QR code on a parking meter with his own. Once you scan you are sent to a duplicate or imposter website for the company or municipality that owns the meter. You think you’re paying for your parking but in reality you just handed the cyber criminal your credit card number, expiration date and security code. If that isn’t bad enough some victims come back to their car to discover its been towed away. if they get lucky they’ll just find a parking ticket for non-payment. More money gone!

QRishing or QR Phishing Scams

Have you scanned a code found in an email, text, postal mail, or on a flyer? Careful!  Victims of this scam end up on a website that requests personal information that can lead to identity theft. They can trick you into revealing passwords for online accounts or download malware that tracks the user’s activity on the device. These phishing scams start out with some thing to scare you like a notification of ‘suspicious activity’ on one of their online accounts. You may get this message using fake logos from your bank or other financial institution and the email or text message will include a link or QR code. “Scan Here” and the user will be asked to verify their identity. The victim has now provided the information to a scammer which they use for other purposes, like cleaning out your bank account.

How to avoid QR scams

  • Confirm the QR code before scanning. If you receive a QR code from a friend via email or a message on social media, be sure to confirm with that person they meant to send you the code to verify they have not been hacked. Keep in mind what you know about the person messaging you. Are they active in cryptocurrency investments, or is this message a little out of character? How often do you talk to this person, and does it make sense they would come to you with this opportunity? Trust in your intuition and avoid scanning any QR code until you know they sent it on purpose. 

  • Do not open links from strangers. If you receive an unsolicited message from a stranger that includes a QR code, the BBB strongly recommends against scanning it. If the message promises exciting gifts or investment opportunities under the condition you “act now,’” be even more cautious. Scammers use this type of language consistently and rely on their targets to make immediate or hurried decisions before verifying its authenticity.  

  • Be wary of short links. Suppose a shortened URL appears when hovering your camera over a QR code. In that case, there is no way of knowing where it will direct you once the link is followed. A short link may look like this “https://bit.ly/3rFi2Ea ” A short link, also known as a URL shortener, is a condensed version of a longer URL. Its designed to be easier to share and more aesthetically pleasing. Ensure you are confident that the QR code is legitimate before following short links, as it may send you to a malicious website. Once on the website, look at the URL and verify the domain and subdomain make sense for the organization that supposedly operates it. Scammers often switch around the domain and subdomains for URLs or slightly misspell one word to make websites appear legitimate. For example URL is supposed to be for “www.wellsfargo.com” but if you examine it carefully you may see “www.wellsfarga.com” or something similar.

  • Check for tampering. Some scammers attempt to mislead consumers by altering legitimate business ads or placing stickers over the legitimate QR code. Keep an eye out for signs of tampering and, if discovered, have the business check that the posted QR code is genuine. Most businesses permanently install scannable QR codes using laminate or placing them behind glass in their establishments. They will often include the business’s logo in the code, often in the middle. 

Now you know