The FBI warned last month about the dangers of ” jacking” – a practice in which bad actors steal your data or install malware onto your smartphone using public chargers. There have not been documented cases of juice-jacking in the wild. This might cause some to think that digital security warnings about QR code scams are just another tech moral panic.

You should still be alert to QR code scams . You shouldn’t be alarmed by them.

News about QR code scams

Recent QR code scams are making headlines. According to Bleeping Computer a scammer stole $20,000 from an elderly woman in Singapore who scanned a QR Code that appeared to be for a local bubble tea shop. She was promised a cup of free milk tea if she completed the survey. So, when asked to do so, she scanned the code and downloaded the app. You may have guessed that the app had nothing whatsoever to do with a bubble tea shop. The malware was installed on her phone and $20,000 from her bank account were stolen.

A Redditor named hamsupchoi shared a warning on r/sanfrancisco to alert other residents of the city about a scam that they fell for. The “parking tickets” appeared to be legitimate at first, but the city seal was not present on a genuine parking ticket. Also, the QR code for “paying online” gave access to their bank accounts.

The Better Business Bureau also highlighted a FAFSA Scam, in which bad actors fool you into believing they can help pay off your student loan. The QR code will “helpfully” take you to “studentaid.gov”, but it’s not real. All the money that you pay goes to scammers and not to your student loans.

How QR Code Scams Work

The majority of the time, scanning a QR Code alone is not dangerous. The danger is in what you do once scans the code. Scammers may design QR codes to install malicious software on your device with the aim of stealing information or running ads. They might also create a website that looks official, but steals your information such as login credentials.

This is the first red flag: strong>Do not download an app from a QR code unless you are 100% sure the organization behind the code is legit/strong>. The first red flag is: Never download an app based on a QR Code unless you’re 100% certain that the organization is legitimate. It is the easiest way for bad actors into your phone.

The app could not steal $20,000 off the victim. When she opened the application, it asked her permission to access her phone’s camera and microphone, along with Android Accessibility Service. This last permission enables an app to control the screen to make it more accessible, but for bad actors, this is a way to get into their victim’s lives. The bad actors were then able to get the login credentials of the victim, when she used the banking app. This allowed them to access the victim’s finances without her knowledge. Yikes.

If you use a QR code to access a site you think is legitimate, you might be asked to enter your username or password. But when you attempt to log in, you get nothing. The “site” you’re visiting is a fake. It exists solely to learn your login credentials. If you’re unsure whether a QR code will take you to your existing account on a website, such as Amazon or your bank site, you can navigate to the URL yourself.

How to scan QR codes safely

Are QR codes dangerous to scan? Not at all. QR codes will continue to be used, even as the world returns to normal after COVID, when you can hold a menu again in a restaurant. There are many uses for QR codes, and you can scan them safely.

In this article , we’ve covered some tips to stay safe when scanning QR Codes. It’s a good idea to be skeptical of any QR code that you see. Bad actors can easily create QR codes and place them where they think people will scan them.

If you know the URL of the QR code, such as a menu at a restaurant or the website of a company, you can try to go there without the QR. It may not work in some cases, but you can always Google the restaurant’s name to find its menu. Be careful not to fall for a fake Google advertisement disguised as an legitimate link. Scammers are everywhere.

There’s another way to protect yourself from QR code scams. Don’t give permissions to for anything when scanning a QR Code. Also, don’t install apps or files if prompted. The QR code will not need to access your phone’s microphone, camera, location or accessibility features 99% of the times. You can still order from your favorite restaurant without allowing access to any of these features. Bad actors will not be able run scams because you won’t allow them to. Don’t click on anything that you don’t fully understand or feel comfortable with.

This approach makes scanning QR codes much safer. You can be proud that you have ruined a hacker’s day by refusing to scan anything that requires you to give permission for your accessibility settings, or download an app.