QR code for Bank of Marin’s
Fraud Prevention Resource Center
Scanning with caution: How to stay safe from Quishing scams
You’ve likely seen them on menus and parking meters, in stores, and even placed on some of your favorite products. Quick Response codes, more commonly known as QR codes, can quickly take us to websites where we can learn more about a retailer, a product, or even conveniently purchase a service or good. But is scanning a QR code with your phone or tablet safe?
October is #CyberSecurity Awareness Month and we want to arm you with knowledge to make informed decisions. In a digital age where cyber threats are continually evolving, Quishing (short for QR phishing) is the latest threat facing unsuspecting victims. Fraudsters use deceptive QR codes that, when scanned, redirect victims to fraudulent websites that may trick them into revealing sensitive information, send payments to the fraudsters, or prompt them to download malicious software. These black and white codes can be included in a suspicious email or taped over legitimate QR codes on public signs, parking meters, restaurants menus, or stores, to name a few.
So how do you protect yourself? As well-known “white hat hacker” and security expert Rachel Tobac says being “politely paranoid” is never a bad approach to take when it comes to protecting yourself from scammers.
Emails
When it comes to emails directing you to scan QR codes, ask yourself:
- Were you expecting the email?
- Does anything seem suspicious—including grammar and spelling errors, an emotional undertone or urgent plea, unusual request, and inconsistencies in email addresses or links.
- Is the sender requesting personal information?
- If anything seems “off”, directly contact the company or individual sender of the email. Do not use the contact information provided in the email as it may direct you to the fraudster(s).
- You should never reply to a suspected phishing email.
QR codes in public locations
- Downloading apps: Rather than scanning a QR code at a pay station, parking meter or other public location, take a minute to search for the desired app on your phone/tablet’s app store. This will provide greater assurance that you’re downloading a scam-free app.
- Use a QR scanner app that allows you to review the site before visiting it.
- Scammers may affix a QR code sticker onto a legitimate sign/poster/menu. Before scanning a QR code posted in a public location, examine the signage. If the edges of the QR code are peeling, have bumps or irregularities, or otherwise appear like a sticker, do not scan it.
If you believe you have fallen victim to scammers, immediately:
- Change the password of any accounts you may have shared in the fraud attempt.
- Take your phone to your phone service provider and ask if they can perform a malware/virus scan.
- If the exchange of money was involved, notify your bank and credit card providers.
For more fraud prevention tips, visit our Fraud Prevention Resource Center
LEARN MORE