QR codes, those square-ish barcode thingies you can scan with your phone for quick and easy access to a website, are sort of the evolution of the AOL keyword. They’re incredibly useful, saving precious seconds in a hundred different ways and scenarios. But since a code is basically just a visualized web address, you need to be wary of which ones you scan and activate. That’s according to the latest consumer alert from the US Federal Trade Commission.
The FTC’s warning blog post (spotted by The Verge) says that scammers are actively using fake and malicious QR codes in the wild — fake in the sense that they’re misleading, not that they’re non-functional. The post warns of dummy QR codes placed in inconspicuous public places, like on the parking meter where you’re told to pay with an app, covering up the real service and getting you to enter your payment info into a honeypot (and possibly getting your car towed in the bargain).
That’s on top of less elaborate schemes, which just send a QR code in a fake email or text message in order to add another layer of obfuscation to a dodgy website or app download. These aren’t isolated incidents — tens of thousands of such attacks have been documented so far. The advice for protecting yourself is the same as it ever was. Be careful of anything that’s trying to get you to make a quick decision, like an email or text that says your package has been delayed, and carefully inspect the URL of a code posted in public before you visit the site.