FTC advises consumers to be wary of QR codes

In its consumer warnings blog this week, the Federal Trade Commission (FTC) advised the public not to scan just any QR code. The main concern is security and privacy, of course. Cybercriminals can hide QR codes in plain sight or send them by text message or email, then wait to cash in on money, login credentials, or other private data.

According to John Fokker, head of threat intelligence at cybersecurity firm Trellix, the company discovered more than “60,000 samples of QR code attacks” in just the third quarter of this year. According to The Times, the most common types of scams included payroll and HR impersonators and postal fraud, among others. Early last year, police in several Texas cities reported that they had discovered fake QR codes on parking meters that led users to a phony payment website.

To avoid falling prey to a malicious QR code, the Federal Trade Commission advises against responding to unsolicited emails or other messages that seem urgent. It’s a good idea to confirm that the URL that appears on your screen while scanning is one you can trust. But even a genuine QR code may display a shortened web address that obscures the destination and tells you little, so it’s preferable to go straight to the website if you know what it is you want to view.

The Commission also advises sticking with the tried-and-true methods of keeping your devices up to date, creating strong passwords, and setting up multi-factor authentication for sensitive accounts. If you’re not sure how to set up that last one, visit our two-factor authentication guide, which includes instructions for many of the most well-known websites and services.

You have options beyond the FTC’s advice. For starters, avoid downloading QR code scanning apps: the built-in camera apps on iOS and Android already scan QR codes, and some scanning apps are created with malicious intent. The FBI also included a list of suggestions in a related blog post from September. Either way, if you are unsure about a code, don’t scan it.