ISB Blog

In this era of digital convenience, QR codes are quickly becoming a staple in our everyday transactions. These two-dimensional barcodes, when scanned with a mobile phone camera, can quickly redirect users to websites, connect them to a Wi-Fi network, or even facilitate payments. What could go wrong? Well, this easy-to-use method opens the door for criminals to exploit QR codes for malicious purposes. But how?

One common method is QR phishing, where a fraudulent QR code redirects users to a fake website that mimics a legitimate one. These fake websites often prompt users to enter personal information or login credentials, which the scammers then use for identity theft or fraud. Another tactic involves placing stickers with malicious QR codes on top of genuine ones in public places, such as on parking meters or restaurant menus. Unsuspecting users who scan these codes may unknowingly be directed to a fake payment site, resulting in stolen card numbers or unauthorized transactions.

In some cases, scammers use QR codes that, when scanned, prompt the user to send money to the scammer instead of receiving a service or product like they expected. This version of the scam may lead to direct and immediate financial loss, and potentially compromise the user’s bank account.

What can you do to protect yourself?

1. Always verify who a QR Code belongs to before scanning it,
2. Pause and examine the QR code closely. Look for any signs of tampering, unusual colors, or misspellings. If something seems suspicious, don’t scan it,
3. Avoid scanning unsolicited QR codes received via email or text message and avoid codes from unknown sources.
4. Iowa State Bank, government officials, and critical service providers do not send QR codes demanding payment.