FTC warns: Be careful when scanning QR Codes
December 11, 2023

FTC warns: Be careful when scanning QR Codes

In order to protect consumers from potential threats behind QR codesu recent blog warnings to consumers, the US Federal Trade Commission (FTC) issued a serious warning to the public regarding the potential risks associated with their scans. While QR code displays have become an indispensable part of modern technology, the FTC emphasizes the need for caution, noting that these codes can serve as a gateway through which fraudsters can enter and exploit individuals who are unaware of the dangers.

The warning addresses security and privacy concerns related to QR codes, as malicious actors can slyly place the codes in inconspicuous places or distribute them via text messages and emails. Once scanned, these QR codes can lead to various scams, including financial fraud or the compromise of sensitive personal information.

According to the report of the New York Times, a cybersecurity company Trellix identified over 60,000 examples of attacks via QR codes in the third quarter of this year alone. Among the most common scams reported were impersonations of payroll and HR services, postal scams, as well as cases of fake QR codes placed on parking meter devices in certain cities.

Users are advised to carefully check the URL that appears on the screen after scanning the QR codes

John Fokker, head of intelligence at Trellix, highlighted the increasingly sophisticated approach to these attacks, stressing the need for public awareness and caution when interacting with QR codes. He highlighted the prevalence of scams that involve social engineering tactics, forcing individuals to unknowingly reveal sensitive information.

The FTC advises individuals to be skeptical when confronted with unexpected emails or messages that demand immediate responses. Users are also advised to carefully check the URL that appears on the screen after scanning the QR code to ensure that it belongs to a trusted site. Since even legitimate QR codes can display a broken or shortened web address, users are encouraged to go directly to the desired website whenever possible.

To strengthen security measures, the FTC recommends regularly updating devices, using strong passwords, and implementing multi-factor authentication for sensitive accounts. For those unfamiliar with the process, the Commission directs users to its two-factor authentication guide, providing security instructions for popular sites and services.

Other precautions include refraining from downloading third-party QR code scanning apps, as the built-in cameras on Android and iOS devices already have this feature. The FBI also shares similar sentiments, stressing the importance of caution and restraint when encountering the unknown QR codes.

In conclusion, the basic advice remains clear: when in doubt, exercise caution and refrain from scanning suspicious QR codes. As technology continues to advance, so must public awareness of potential risks and the adoption of security measures to protect against evolving threats.