QR codes are everywhere: restaurant menus, doctor’s offices, music playlists, and more. They are quick and convenient, but scammers are now exploiting this technology to steal sensitive information. A growing wave of QR code scams is hitting mailboxes, so knowing how to protect yourself is crucial.
A new type of QR code scam
Scammers are constantly evolving their tactics, and a new threat is emerging in the form of QR codes sent through physical mail. The National Cyber Security Centre (NCSC) in Switzerland has issued an alert for this new scam that uses the postal service to deliver malware. This scam involves a piece of mail arriving at the target’s door, urging them to download an app using a QR code. When the target scans the QR code, it directs them to a third-party website, not an official app store. This app is malware that a hacker has disguised as a legitimate app to steal sensitive personal and financial data from the user’s device. When downloaded, the malware infects the user’s device and steals and tracks their information.
In this case, outlined by the NCSC, the mail urged recipients to scan a QR code to download a “Severe Weather Warning App.” The app imitated a legitimate government app with a few changes to the logo. However, QR codes in the mail can be used for a variety of deceptive purposes. For example, scammers can use QR codes to direct victims to fake websites or fake payment portals to steal information.
Why are QR code scams so dangerous?
QR codes are used in everyday life, so they are often seen as convenient and harmless. This scam is so dangerous because when people receive a letter in the mail, they are more likely to trust the content. This is especially true if it appears to come from an organization they recognize, such as a bank or government agency.
How to protect yourself from QR code scams
While it may seem difficult to avoid these kinds of scams, there are several steps you can take to protect yourself:
- Do not scan unsolicited QR codes: Be cautious if you receive an unsolicited letter containing a QR code, especially from an unknown source. Try visiting the organization’s website directly or calling a known phone number.
- Check for red flags: Look for signs that the mail might be fraudulent. Check for unsolicited requests for money, spelling mistakes or bad grammar, and suspicious URLs.
- Verify the source: If unsure if a QR code is legitimate, consider going to the organization’s website through your browser rather than scanning the QR code. You can contact the organization directly to confirm if the mail is genuine.
- Use two-factor authentication: Even if your logins get compromised, enabling two-factor authentication can give you an extra layer of protection.
- Educate friends and family: If you have friends or family who may not be as tech-savvy, especially older family members unfamiliar with QR codes, it is important to educate them on the risks.
Let’s talk
By staying vigilant and following these steps, you can avoid falling victim to this new wave of fraud. Contact one of our experienced Avery Hall agents today at 410-742-5111 to learn more.
