Beware of Malicious QR Codes
Quick Reference (QR) codes have increased in popularity in recent years. QR codes allow a user to use their camera-phone to scan a graphical code, linking them to online resources such as restaurant menus, conference materials, websites, and product user manuals. They are easy to create by anyone online. However, hackers can also use them to redirect users to fake websites and to download malicious code onto their devices
Fraudsters create QR stickers to place over kiosks, meters, menus and packaging. A popular scam involves fraudsters sending mail or packages containing malicious QR codes, offering fake warranties, discounts, rebates, and free gift offers. Victims who scan these malicious QR codes are then tricked to follow bad links or give up personal information. This can cause them to get locked out of their device, and gives fraudsters access to bank accounts.
Action steps:
Use Pause, Verify, Report to protect yourself from QR code scams.
-
Pause before clicking on any QR Code and check to see if it is a sticker or from an unknown source.
-
Verify that the QR Code is legitimate. Legitimate QR codes will ask you if you want to navigate to the site and show the website. It is safer not to use QR codes and go directly to the official website to get the needed information or resources.
-
Report any suspicious activity involving Commonwealth devices or properties to your security staff immediately.
See our CTR Cyber page for more cybersecurity internal controls and contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.