QR codes in emails? Watch out - it could be part of a 'Quishing' scam

ByDiane Wilson WTVD logo
Tuesday, October 3, 2023
QR codes in emails could be part of a new scam
QR codes are just about everywhere and the goal is for you to scan and get more information and now scammers are using them to trick you.

RALEIGH, N.C. -- A new email scam campaign is using QR codes to get your sensitive information.

It's called "quishing" or QR phishing, and security experts say it's when fraudsters launch email campaigns that appear to have legitimate QR codes. But if you scan the QR code in that scam email, embedded is a malicious URL that will lead you to websites that contain malware or websites designed to steal your personal or financial information.

These emails typically come from what seems to be a well-known company or brand. But in reality, they're just copycats, and that's what makes quishing so successful. Many of these fraudulent QR codes lead you to believe you will get a discount or special offer.

MORE: Romance scammer swindles life savings from widow

Finding love cost a widow more than $70,000. After losing her life savings, she's sharing her story to try and save others from the same emotional and financial heartbreak.

In efforts to try and protect yourself from falling victim to this scam, security experts say you should preview the URL before accessing the link. If the URL is unreadable, use caution.

If you click on the link from the QR code, look for spelling and grammatical errors. If the site is not secure, that's often a sign it's a bogus website.

"You're going to want to look for the lockbox icon in the left corner of the URL and also see if it starts with an HTTPS. Of course, the HTTPS stands for secure. If you see that and the lockbox icon, that's generally a pretty good sign that you're on a safe website," said Nick Hill with the Better Business Bureau

If you do scan a fake QR code, change your passwords to the accounts you may have given scammers access to.

Also, take steps to secure any of your financial accounts. Setting up two-factor authentication on your accounts also helps protect your accounts. Plus, you can set up fraud alerts for extra protection.