
Learn How to Spot and Avoid QR Code Scams
While QR codes can be convenient, scammers are now using them in a new type of phishing attack called “quishing” (a combination of “QR” and “phishing”). Learn more about this scam and how to protect yourself.
What Is a Quishing Scam?
Quishing scams use malicious QR codes that, once scanned, lead unsuspecting victims to fraudulent websites designed to steal personal information or install harmful malware on their devices. These deceptive QR codes can be found in various places, including emails, text messages, flyers, posters, or even seemingly trustworthy websites.
Example of the Scam
Jade receives an email that appears to be from her bank, but she notices grammatical errors and a suspicious sender address. Scanning the QR code leads to a website resembling her bank’s login page, but it loads slowly with distorted images, confirming her suspicion of a quishing scam.
Tips for Protecting Yourself
- Exercise caution. Don’t scan a QR code in an email, text, or personal message that you weren’t expecting.
- Double-check the URL. Before scanning, try previewing the QR code’s destination URL. Be cautious if it seems suspicious or unfamiliar.
- Protect your devices. Protect your device and accounts. Keep the OS (operating system) on your smartphone or tablet updated.
- Protect your personal information. Never share sensitive personal or financial information after scanning a QR code unless you are certain it’s from a trusted source.
If You’ve Been Scammed
- Contact us. If your account information has been compromised or you believe you’ve mistakenly paid a scammer, let us know.
- Change your passwords. If you entered any passwords after scanning a malicious QR code, change them immediately on all accounts where you use the same or similar passwords. Create strong passwords at least 12 characters long, including a mix of uppercase and lowercase letters, numbers, and symbols.
- Enable multifactor authentication (MFA) whenever possible for added security.
- Scan your device for malware. Run a security scan to check for and remove any malware that may have been installed.
- Report the scam. Contact the appropriate authorities, such as the FTC at ReportFraud.ftc.gov, the Internet Crime Complaint Center (IC3), and your state attorney general at naag.org.
Reach out to learn more about safeguarding your financial information and securing your accounts. Our experts are here to help.