How to safely scan a QR code with your smartphone

If you’ve been to a restaurant lately, you’ve probably scanned a funky-looking symbol to pull up a menu on your smartphone. Those symbols — known as QR codes — have been the go-to, no-contact menu option during the pandemic, and they’re popping up everywhere for coupons, deals and more.

A QR code even made an appearance during a recent Super Bowl commercial. However, some QR codes can be dangerous. The FBI recently warned that cybercriminals could use QR codes to steal money and personal information from unsuspecting people. The good news is many QR codes are safe. In this week’s tip, we’ll show you how to scan a QR code safely to help avoid being tricked.

In its January announcement, the FBI warned that smartphone users could open themselves up to a cyberattack by scanning a malicious QR code, saying:

Cybercriminals tamper with both digital and physical QR codes to replace legitimate codes with malicious codes. A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information.

Luckily, many QR codes are perfectly safe, but you should use caution and some common sense before pulling out your smartphone to start scanning.

Here are some tips to stay safe when scanning a QR code:

  • Don’t download a QR scanner app, which could increase your risk of downloading malware. All you need to scan a QR code is the built-in camera app on your phone.
  • Likewise, don’t download apps from a QR code scan.
  • Only scan QR codes from trusted sources. If you’re at a restaurant, you’re probably safe. If there’s a QR code sticker by an ATM or gas station that looks suspicious, you’ll want to steer clear.
  • Make sure the QR code hasn’t been tampered with or that a sticker hasn’t been placed over the top of another code.
  • Double-check the URL (the internet address in your browser) of the website you visit after scanning the code. Malicious sites are built to look legitimate, but the URL will likely look suspicious.
  • Don’t enter financial information on a site you reached through a QR code — and be very careful entering login and password credentials, too. It’s always a good practice to verify that the website you are using is legitimate and secure before entering your personal information.
  • There is never a need to scan a QR code in an email, especially when a link will do. If a company sends you an email saying you must scan a QR code because of a payment failure, call the company to verify (and don’t use the phone number included in the email).
  • Lastly, trust your gut. If the QR code or the site you visit seems fishy, it probably is.