QR Code Scams: How to make sure what you’re scanning is not a trick

NEWBURYPORT, Mass. — Quick response codes or QR codes that you can scan from your phone are everywhere: Parking meters, concert venues, and restaurants to name a few spots.

But Boston 25 News found crooks are also using them to steal your bank information. It has become so common, that the FTC recently issued a warning.

A Newburyport cyber security expert walked us through ways to spot the scams before it’s too late.

“I think the most common scams for something like this is tricking you into something that you’re already planning on doing. Just send you to the wrong place,” said Caleb Barlow, CEO of Cyberbit.

Barlow says anyone can create a QR code and hide dangerous links in the black-and-white jumble. Scammers have been known to use stickers to cover up legitimate codes with their own codes. When you click the bad link, they steal your information as you fill it out on the website.

“We see all the time these QR codes get slapped on parking meters, saying ‘to pay to park, follow this QR code.’ Well, you’re already planning on planning to park. Do you know the legitimate site that you’re going to? Maybe Park Boston versus, let’s say, some ‘Easy Park’ site that someone just set up 15 minutes ago using it to grab your information,” said Barlow. “I would fall for it…” Barlow added. “Especially if I am in a place that I’m not familiar with.”

Boston 25 News reported previously on Massachusetts State Police warnings about this scam being used on parking meters. Despite that, the scam is still on the FBI and local police departments’ radars.

In just the last 4 months of 2023, cyber security company Trellix saw more than 60,000 samples of QR code attacks.

But Barlow says there are ways to protect yourself:

  1. Never scan a code if it’s on a sticker, looks like it has been replaced or covered up
  2. When entering financial information, do not download an app from a QR code. Instead, use your phone’s app store or go directly to the site using a browser. The FBI echoes that advice.
  3. And always be vigilant. Think before you enter your personal information on any site.

“It’s like finding a toothbrush on the side of the road and deciding, ‘Am I going to put this in my mouth?,” said Barlow. “All this sounds a little gross, but we’ve really got to think through this.”

(WATCH BELOW: BBB warns to not fall for scams while trying to fall in love)