QR Code Scams

Welcome to The Safety Net, a newsletter that profiles scams and helps you protect your family from them. If you like this issue, please share it with anyone who might like it. Thanks!

QR Codes are everywhere, those blocky black grids that we scan with our phones to open up restaurant menus, travel times and other sites. For those of us that remember having to type website names into our phones, QR Codes are a fantastic time saver. 

Unfortunately, scammers have figured out how to use QR codes to pull of sophisticated scams. they know that your phone is good at filtering out spam messages, whether by email or text, so they need another way to get your attention. One way to do that is to replace QR Codes at popular locations with their own, which take you to sites that look real. You think you’re ordering lunch, and they just stole your credit card. 

There are many other ways QR Codes can be used to bypass your phone’s security features, including sending you emails with QR Codes in them since the spam filters don’t look at QR Codes when filtering your messages. 

Most QR Codes are safe, so how do we tell if a QR is not to be trusted? Here are some quick checks you can do:

1. Be careful where you scan QR Codes. Is the QR Code on the table at your restaurant? It’s probably fine. Is it on a sticker that someone might have put over a legitimate code? Be careful. 

2. Does the QR Code seem like a natural part of the experience, or does it seem odd? For example, why would someone email you a QR Code that you need to scan instead of just sending you a link? The only person who finds that easier is the scammer bypassing your spam filters.

3. After you scan a QR Code, make sure the place it takes you looks correct. For example, if you’re at a restaurant and you’re not sure, you can always ask the staff to verify for you. 

Many applications of QR Codes are legitimate, including Amazon return codes and tickets to events. However, in those cases someone else is going to scan your QR Code. Anytime you’re scanning a QR Code yourself, be careful. 

Read more about how scammers are using QR Codes in the NY Times

Join the Sanctum Waiting List! 

We’re in the process of building a suite of tools that will keep you safer online, including protecting you from scams. You can see a quick video about what we’re building, and we’d love for you to join our waitlist for early access if you’re interested.

Quick Tip of the Week: Security Notifications

Many online services seek to verify your identity using text messages. If you are going to get security codes sent to you via text, make sure that you cannot read them from the lock screen! If someone steals your phone, you don’t want them seeing your security codes as that allows them to steal more than your phone. By default, those text messages might appear on your lock screen so you can read them without unlocking your phone. 

Here is how to make sure no security information from notifications appears when your phone is locked:

• iPhone

• Android

Have you come across a scam recently? Received some weird messages that you think might be a scam? Forward them to [email protected] and we’re happy to help! We’ll take a look and let you know what we think, and if it is a scam we’ll profile it in future issues of The Safety Net to protect others.