How to stay safe from the rising QR code scams?

More than 26 million people have been tricked into visiting malicious websites by scanning fake QR codes, which are often posted over real codes in public places such as bus stops, gas stations or on advertising flyers, according to a warning from Panama-based cybersecurity firm NordVPN.

When users accidentally scan, they can have their personal information stolen such as login names, passwords, credit card numbers, and the device can even be installed with spyware, allowing hackers to control it remotely.

The US Federal Trade Commission (FTC) has issued a warning about QR codes printed on packages. A seemingly harmless scan can lead you to a fake website where all your personal data can be stolen in just a few clicks.

In the US, the New York Department of Transportation has discovered fraudulent QR codes on parking payment machines. Hawaii Electric has also warned customers about similar tricks to steal electricity bills.

Statistics from cybersecurity platform KeepNet Labs show that currently up to 26% of malicious links are spread via QR codes, an alarming number as this form is becoming more and more popular, surpassing even traditional email phishing campaigns.

The worrying thing is that most users can’t tell the difference between a real and a fake QR code. Fraudsters simply overprint a fake code onto real billboards or documents, similar to how crooks attach data-stealing devices to ATMs. QR codes were created for convenience, not security, which is why they’re becoming a powerful tool for hackers.

Experts even consider QR codes more dangerous than traditional phishing emails. Because when you scan, you cannot immediately see the web address to check. And this is the reason hacker groups use QR codes to spread malware, attack military systems or steal device access through remote access malware.

Be especially cautious when scanning QR codes in public. Only use codes from trusted sources, and avoid scanning codes from unknown sources on unfamiliar parcels, billboards, or flyers. What may seem like a convenient action can be an open door for cybercriminals.

How to protect yourself from fraudulent QR codes?

Like many other scams, QR code attacks often take advantage of the victim's impatience and haste. Therefore, the most important principle to stay safe is to stay calm, alert and not act hastily.

You wouldn't click on strange links or files in emails, so don't randomly scan QR codes on billboards, electricity poles, flyers, or in public places of unknown origin.

In particular, if you see a QR code at the bottom of a poster advertising an event or a brand, search for the event or company name on Google and visit the official page instead of scanning it directly.

When scanning a QR code and being redirected to a website, never enter personal information such as full name, ID number, bank account or password.

Check carefully whether the website address is a familiar domain name such as .com, .vn or not? Or is it a strange extension such as .tv, .top, .xyz, which are often used by scam sites to trick users?

For Android users, you can install reputable antivirus apps to further protect against malware and fake websites. Additionally, if you are really concerned about the risk of information theft, you can consider using identity protection services. These services not only help detect and prevent fraud but also help recover stolen accounts or funds.

As QR codes become more and more popular – from payments to menus to event registration – the risk of being attacked by this type of malware is also increasing. Experts warn that cybercriminals are constantly finding new, more sophisticated ways to exploit QR codes.

So, always be careful when taking out your phone to scan a code. A seemingly harmless scan can lead to unpredictable consequences, from losing money, exposing personal information to having your device remotely controlled. Caution is the key to protecting yourself in the digital age.