Albuquerque
--°

OPINION: QR codes are scammers' new portal to your personal information

Ellen Marks Ellen Marks Ellen Marks For the Journal
Published Modified
Marks
Ellen Marks

The intricate matrix pattern known as a QR code is an increasingly common and helpful way to access information with a smartphone. But the codes are also becoming a more prevalent way to rip people off.

Consumer complaints and warnings issued by police departments show that QR codes are directing people to phishing websites, fake payment portals and downloads that can unleash a virus or malware, according to the Better Business Bureau.

In many cases, the BBB says, dangerous QR codes come as unsolicited communications or as postings in a public location.

QR (quick response) codes store information as pixel code in a square grid. They can be used for up-to-date public health details, as part of instruction manuals, for access to restaurant menus or in museums, for example, where they can instruct about a particular work of art.

But here’s an example of their dark side: A QR code posted on the back of a parking meter, leading drivers to think they can pay by scanning the code and using your email address and credit card number.

“You don’t receive proof of parking, but you may notice an amount charged to your credit card,” the BBB says.

Of course, you figure you’ve paid legitimately and that you’re free from the parking police. However, “some victims might return to find their vehicle has been towed or (they have) received a parking ticket for non-payment, multiplying the amount of money lost,” the BBB says.

As for phishing scams, those can start with a notification about supposedly dubious activity on a financial account, for example. The notice includes a QR code to verify the user’s identity, but that information goes directly to a scammer.

The scenario works because the design of QR codes “makes it impossible for the user to know where the code will direct them after scanning …,” the BBB says.

The Social Security Administration is warning about scammers who pose as an agency employee and send fake QR codes via text or email, demanding immediate payment for a supposedly outstanding debt.

“Social Security will never request any form of payment using a QR code,” the agency says.

Here are some prevention tips:

  • Take a close look at the payment site to which the QR code takes you. Red flags that it’s a fake website are poor design, a strange URL or bad grammar.
  • If you receive an unsolicited message from someone you don’t know that includes a QR code, don’t scan it.
  • If the text or message appears to be from a friend or co-worker and arrives through social media, contact the person to be sure they intended to send it to you and have not been hacked.
  • For QR codes posted in a public, unprotected place, look for signs of tampering. If you see anything dubious, have the business check the code before you use it.

Many businesses permanently affix QR codes by using a laminate or placing them behind glass within the establishment. Such codes often include the business logo, usually in the middle of the grid.

Contact Ellen Marks at emarks@abqjournal.com if you are aware of what sounds like a scam. To report a scam to law enforcement, contact the New Mexico Consumer Protection Division at 505-490-4060. Complaints can be filed electronically at nmag.gov/contact-us/file-a-complaint/

columns opinion
Powered by Labrador CMS