Beware! The Grinch may be disguised as a QR code this season.

posted on Tuesday, November 23, 2021 in SHAZAM Blog

Whether you’re out and about holiday shopping or shopping online, be mindful to keep your personally identifiable information (PII) safe. Scammers know this is the perfect opportunity to be a Grinch and steal the holiday cheer of unsuspecting shoppers - while cashing in big-time.

Online shopping poses a potential threat from cyber thieves who are poised to steal PII. This season, scammers have taken it up a notch with the latest trend of committing fraud via QR codes, and holiday shoppers need to beware! Share this information with your cardholders, family and friends for a safer holiday shopping season.

How it works
Fraudsters are using QR technology to steal PII, credit card details, banking information and even recent website activity from personal devices. In a matter of minutes from the moment the QR code is scanned, malware is installed on that device and personal data is transferred to the information thief. 

When eyeballing a QR code, remember those lessons from cybersecurity 101. Just as you should never click on suspicious hyperlinks or download questionable looking attachments, also avoid suspicious QR codes that may be fuzzy looking or have misspellings. Take note of strange-looking websites that offer deeply discounted items or have a countdown clock; these may appear safe but are nothing but trouble.

Criminals have been known to replace QR codes of reputable companies by placing a sticker on top of publicly placed business posters, brochures and even restaurant napkin dispensers. This kind of QR code phishing scam is dangerous because the user thinks the code comes from a reputable company, never thinking twice about trusting the information that could redirect them to a possible malicious site. 

Avoid financial loss
Here are steps you can take to avoid losing valuable information and money:

  • If a family member, friend or acquaintance sends a QR code, be sure to reach out to them directly to make sure they did send it.
  • Additionally, it is imperative not to open links or scan QR codes sent by strangers, and double check the URL before opening the link.
  • Verify the source that sent the code by double-checking the link and physically visiting the official website.
  • Review the links carefully. In some cases, the URL may be off by only one word or letter. That is purposely meant to confuse the target of the phishing scam.

With the number of scammers only increasing, there are QR scanner apps that incorporate added security, like a firewall on your phone to identify scams before you open them.

While many of the machine-readable optical labels you view are trustworthy, some can be downright dangerous. And if you fall victim to a crook lurking behind a fraudulent QR code, you may feel like the Grinch stole your Christmas.  

Be safe, and happy holidays from SHAZAM!

SHAZAM, Inc. and ITS, Inc. provide this blog for general informational purposes only. Our blog may be shared by a direct link wherein the content remains as originally presented and has not been altered. SHAZAM, Inc. and ITS, Inc. assume no responsibility for errors or omissions in the contents on the blog. By using this blog, reader agrees that the information published does not constitute nor is a substitute for legal advice which should only be sought from a qualified, licensed attorney. 


comments powered by Disqus