FBI warns QR code scams on the rise as criminals create fake codes to steal your info

CHICAGO (WLS) -- The ABC7 I-Team has an alert about QR code cons: fake codes being created to rip you off.

QR codes are everywhere. You can quickly scan them with your phone to read a restaurant menu, get a new app, or go to a website. But there are QR con artists using the new tech to get your banking information or hold your smartphone hostage.

"They can get into every account you have if they have enough time," FBI Special Agent Siobhan Johnson told the I-Team.

The FBI issued a QR code warning that says criminals are putting stickers of fake QR codes over the real ones on restaurant tables or flyers. They're also sending them out via email claiming to offer deals or promotions.

"You might find this malicious QR code on a menu or on a flyer someone's put out for people to see," Johnson explained. "And once you use that QR code, it takes you to a malicious website that's been designed to mirror a real one."

That first QR code scam leads you to fake websites which phish for your personal and financial information. Some sites can be made to look like your bank or phony parking payment platforms.

SEE ALSO | Illinois using SMART health card with personal vaccine QR code to prove you're vaccinated

"One of two things could happen - one is, you're just sending scammers your parking meter money, which that's actually the best case scenario," warns Mashable Technology Journalist Matt Binder. "The worst-case scenario is when you input your information to pay, and you're not actually paying, you're just sending over your credit card information or banking account information to the scammers."

The legitimate ParkChicago app pushed an alert warning to consumers, saying to "be aware of fake QR codes," adding "the ParkChicago app and on-street payboxes do not use QR codes."

The FBI says a second QR code scam can lead you to websites which can then download malicious malware to obtain information on your phone. That malware can also allow scammers to hold your device hostage and demand payment. If this happens, you should report it to the FBI and never pay the ransom.

"If your phone downloads that malware, you're at the mercy of the scammers, they could hold your information for ransom. Or they could just shut your phone down. They could steal photographs that are on that phone. You have a lot of vulnerabilities, our cell phones our lives right now," Binder said.

So what can you do to spot QR con? First, don't open codes sent from strangers.

"Treat QR codes like you treat suspicious phishing emails, or text messages from people you don't know," advises Binder.

Even if your friend sends you a QR code, confirm that it was really them sending it. If it's an e-mail with a code from a business, call the company or go to their website. And after you scan, inspect the web address before you click.

"Just double check the URL and where it's going to send you," Binder added. "If you don't know who they are, I would definitely not click it."

If printed out, look for any signs of the QR code being tampered with, or keep an eye out for a sticker over it.

"There have absolutely been reports of people being victimized with bad QR codes," Johnson said. "And the key thing here is that it doesn't have to happen."

The FBI also says to beware of phony QR code apps claiming to help read QR codes as they can also be a scam. If you download them before researching, they can be gateways for criminals to access your phone and information.
Copyright © 2022 WLS-TV. All Rights Reserved.