QR, or quick response, codes are becoming common for a variety of uses, such as tracking packages, viewing menus and, generally, for marketing and advertising campaigns.
But those machine-scannable images that can be read so quickly by smartphone cameras are also leading to rising reports of con artists using them to mislead consumers, according to the Better Business Bureau.
The malicious codes, which appear as a matrix of pixels, can come through an email, text message, flyer or direct message on social media.
You are supposed to scan the code with your phone’s camera, after which you open a dangerous link. Sometimes, the code will take you to a phishing website where you will be asked to enter personal information or login credentials.
In other versions, scammers use the codes to launch payment apps or follow a malicious social media account, the BBB says.
The organization cited one instance in which the victim got a fraudulent letter about student loan consolidation. It contained a QR code that appeared to link to the official studentaid.gov website.
“The QR code helped the program, which was a fraud, appear official,” the BBB says.
Here’s the BBB’s advice on avoiding these scams:
• If someone you know sends you something with a QR code, check with the person directly before scanning it. You want to make sure it’s actually from that person and that they haven’t been hacked.
• Never use a QR code when it is unsolicited and comes from a stranger, “even if they promise you exciting gifts or investment opportunities.”
• Be wary of short links. “If a URL-shortened link appears when you scan a QR code, understand that you can’t know where the code is directing you. It could be hiding a malicious URL.”
• Some antivirus companies have QR scanner apps that can check whether a link is safe before you open it. They are able to identify phishing scams, forced app downloads and other dangerous links.
The website company White Point Digital is warning about emails that use legal jargon to accuse business owners of stealing information or images that have been protected by copyright.
The emails come as an automated email from your business’ website and say, for example, “The following lead was generated from your website.” The sender claims to own the rights to certain images that the business has improperly used.
The business owner is told to click on a link showing the misused images, but doing so will download a file that could allow the sender to take control of your computer and steal personal information or install malware, White Point Digital says.
Contact Ellen Marks at emarks@abqjournal.com or 505-823-3842 if you are aware of what sounds like a scam. To report a scam to law enforcement, contact the New Mexico Consumer Protection Division toll-free at 1-888-255-9210 or file a complaint at www.nmag.gov/file-a-complaint.aspx.
