Beware! The Grinch may be disguised as a QR code this season

Whether you’re out and about holiday shopping or shopping online, be mindful to keep your personally identifiable information (PII) safe. Scammers know this is the perfect opportunity to be a Grinch and steal the holiday cheer of unsuspecting shoppers - while cashing in big-time.

Online shopping poses a potential threat from cyber thieves who are poised to steal PII. This season, scammers have taken it up a notch with the latest trend of committing fraud via QR codes, and holiday shoppers need to beware! Share this information with your family and friends for a safer holiday shopping season.

How it works

Fraudsters are using QR technology to steal PII, credit card details, banking information and even recent website activity from personal devices. In a matter of minutes from the moment the QR code is scanned, malware is installed on that device and personal data is transferred to the information thief.

When eyeballing a QR code, remember those lessons from cybersecurity 101. Just as you should never click on suspicious hyperlinks or download questionable looking attachments, also avoid suspicious QR codes that may be fuzzy looking or have misspellings.

Take note of strange-looking websites that offer deeply discounted items or have a countdown clock; these may appear safe but are nothing but trouble.

Criminals have been known to replace QR codes of reputable companies by placing a sticker on top of publicly placed business posters, brochures and even restaurant napkin dispensers. This kind of QR code phishing scam is dangerous because the user thinks the code comes from a reputable company, never thinking twice about trusting the information that could redirect them to a possible malicious site.

Avoid financial loss

Here are steps you can take to avoid losing valuable information and money:

• If a family member, friend or acquaintance sends a QR code, be sure to reach out to them directly to make sure they did send it.
• Additionally, it is imperative not to open links or scan QR codes sent by strangers, and double check the URL before opening the link.
• Verify the source that sent the code by double-checking the link and physically visiting the official website.
• Review the links carefully. In some cases, the URL may be off by only one word or letter. That is purposely meant to confuse the target of the phishing scam.

With the number of scammers only increasing, there are QR scanner apps that incorporate added security, like a firewall on your phone to identify scams before you open them.

While many of the machine-readable optical labels you view are trustworthy, some can be downright dangerous. And if you fall victim to a crook lurking behind a fraudulent QR code, you may feel like the Grinch stole your Christmas.

(Partially reprinted from Shazam Blog)