Should You Trust That Random QR Code?

You could probably tell the difference between a real text message and one sent by a scammer. The phishing text likely has a sense of urgency, asks for payment as a gift card and might make you wrinkle your brow at some of the wording. But could you tell a fake QR code from a legitimate one?
Many of us are familiar enough with phishing scams -- where thieves impersonate a trusted sender to deliver a malicious web address -- to steer clear. But it can be significantly harder to recognize QR phishing, sometimes called Quishing or QRishing.
Unlike phishing, in which you can typically see the web address to identify its legitimacy, there's no way to easily distinguish between the QR code for a menu or a parking payment app with one that takes you to a fraudulent site with a malicious download.
The number of QR phishing attempts soared from 0.8% in 2022 to 12.4% in 2024, according to a recent Phishing Threat Trends Report from Egress.
Although you can try to avoid QR codes altogether, there are many times when we have to rely on them to pull up menus or pay for parking.
"To protect yourself from QR phishing, ensure your mobile device's security settings are up to date and use trusted security software," said Lisa Plaggemier, executive director of the National Cybersecurity Alliance.
Plaggemier also recommends that you only scan QR codes from reputable sources, whether on a physical sign, website or email. And if a QR code seems suspicious or directs you to a site requesting sensitive information, stop immediately.
QR phishing or QRishing is a cyber attack that uses QR codes linked to sites that trick users into downloading malicious content or providing sensitive information.
After the victim has downloaded the content, the attackers steal user information such as passwords, financial data and other personally identifiable information, or PII. The information can then be used to commit identity theft and financial fraud.
The trouble is, with QR codes, you may not be able to tell the difference between a malicious code and a legitimate one until you've scanned it. However, use your intuition. If you're at a gas pump and there is a random QR code beneath a questionable sticker, it's likely not worth scanning.
Always be skeptical of any QR codes you see and consider their source. Be extremely suspicious of QR codes in the following places:
Airports
Restaurants
Bus stops
Flyers such as fake parking tickets
Phony emails and text messages
And remember that it's always possible for someone to place a sticker with a malicious code over a legitimate code on a sign, parking meter or other trusted location.
Take a moment to examine public QR codes for signs of tampering. Watch out for QR codes from unsolicited text messages and emails, and be extra cautious of QR codes that promise free goods or prizes.
To avoid QRishing scams, always use a trusted QR code scanner app that includes security features that can detect malicious links. You could try TrendMicro's QR Code scanner, QR & Barcode Reader by Gamma Play or QR Code Reader by TeaCapps.
As a last resort, be sure to double-check the URLs you are being sent before clicking on them. Particularly for URLs that include common misspellings of popular company names or ones that merely contain the name of a trusted company within an untrusted domain name.
If you're the victim of QRishing scam, it's important to report the crime and protect your information. Any information you've given to the scammers may be compromised, including your name, address, Social Security number and financial accounts.
Contact your bank and inform them that your account has been compromised. You should immediately change your passwords, scan your devices for malware and implement multi-factor authentication if you haven't already. Also check your credit reports for fraudulent activity and consider freezing your credit.
Here are some additional resources for victims of QR code scams:
Federal Trade Commission -- The FTC has an online reporting site so that consumers can report fraud. You can also call the FTC's Consumer Response Center at (877) 382-4357 to file a fraud report by phone.
IdentityTheft.gov -- The FTC also offers this site to help consumers report cases of identity theft, get a recovery plan and put it into action. You can also call the FTC Identity Theft Hotline at 1-877-IDTHEFT (1-877-438-4338).
Social Security Administration -- The Social Security Administration offers resources for those who have had their Social Security number stolen. You can also report it to the Social Security Administration at oig.ssa.gov or by calling its Office of Inspector General fraud hotline at 1-800-269-0271.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Miami Herald

a day ago

• Miami Herald

Cyberattack on grocery supplier reveals fragility of US food supply

Hackers infiltrated one grocery distributor, and within days, there were bare shelves at stores around the country and even some pharmacies unable to fill prescriptions. That's not the beginning of some thriller novel. It's the real events that played out earlier this month as major wholesale distributor UNFI, dealt with a cyberattack. But the moral of the story is already clear: The nation's highly consolidated food supply is in need of stout digital defenses to protect it. 'It pretty much exposes the fragility of our whole grocery system,' said Gregory Esslinger, a distribution expert, brand adviser and former UNFI manager. 'It's a national security issue, honestly.' Based in Providence, Rhode Island, UNFI has about $31 billion in revenue and supplies 30,000 stores nationwide. 'It's been years, but they're still gradually integrating the SuperValu systems,' Esslinger said of UNFI. 'When you integrate systems, you potentially open doors to issues like this.' While operations at the country's largest publicly traded grocery wholesaler have edged back to normal after UNFI detected the attack June 5 and shut down its ordering systems, preventing and better responding to the next hack will be the greater test. 'If it happens again, that would be the end of them,' Esslinger said. 'The confidence would be shattered.' Having a handful of big suppliers like UNFI distribute the majority of the nation's groceries can help keep the price of food down, but it carries enormous risk when something goes wrong. Every part of the supply chain should take note of what happened and revisit their security plans, experts said. 'If you're in the industry, this is a great opportunity to take this to the board, ask for the budget, ask for what you need to mitigate the risks,' said Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance. 'You know the phrase, 'Don't let a good crisis go to waste.' I hate to say that, but you can take incidents like this and quantify it.' Steinhauer and others believe the attack on UNFI was likely ransomware. Typically, that means a hacker has been able to access and lock up key systems, promising to free them only after the target pays a ransom. 'It does have all the telltale signs of a ransomware attack because the apparent effects are so widespread,' said Adam Marrè, the chief information security officer at the Minnesota-based cybersecurity firm Arctic Wolf. But the company has released few details. UNFI on Wednesday declined to answer questions about the nature of the attack 'as the investigation is ongoing.' 'We've made significant progress toward safely restoring our electronic ordering systems,' the company said in a statement. UNFI distribution centers are again taking orders and making deliveries as of Sunday. Beyond the threat of Americans being unable to access food, attacks like these are also devastating to the company. Every moment of downtime in the logistics business is financially costly. Guggenheim analysts took down their quarterly sales estimate for UNFI by $250 million, a projected 3% hit to the wholesaler's top line. UBS analyst Mark Carden wrote the impact could last much longer. 'We do see some risk to customer retention,' Carden wrote. 'We expect disruption to UNFI's (revenue) to persist over the next few quarters.' It's that kind of damage that makes grocery distributors and other key links in the supply chain such attractive victims for hackers. 'Ransomware actors target industries more likely to pay than not pay,' Marrè said. 'It appears they chose not to pay the ransom, which we recommend and so does law enforcement, but we also understand the business and life-saving realities surrounding that decision.' The UNFI attack follows other critical infrastructure hacks like the Colonial Pipeline in 2021. Any other companies those spooked should take precautions and practice response plans, Marrè said. 'Prevention is great,' he said. 'But at the end of the day, the ability to detect and respond to an incident is a must. There needs to be backup plans and alternates in your supply chain.' Esslinger said a number of factors might have contributed to the UNFI cyberattack and resulting shutdown, which stalled deliveries and, in some warehouses, saw employees taking orders on pen and paper. 'It's some lack of foresight or planning,' he said. 'The other train of thought is they recently laid off a number of people and outsourced some roles. Did that open the door?' 'UNFI regularly evaluates and adopts new tools and technologies as appropriate to strengthen our information security program to address evolving threats,' the company said in a statement, 'and we are continually taking steps to further enhance the security of our systems.' Copyright (C) 2025, Tribune Content Agency, LLC. Portions copyrighted by the respective providers.

Yahoo

a day ago

• Yahoo

NVIDIA (NasdaqGS:NVDA) Collaborates With Tech Soft 3D And Trend Micro For AI Solutions

NVIDIA recently announced a collaboration with Tech Soft 3D and a partnership with Dell Technologies and Trend Micro, focusing on enhancing interoperability and AI-powered cybersecurity solutions, respectively. These strategic moves likely supported the company's notable 23% price increase over the last quarter. Additional factors such as the company's Q1 earnings report, which revealed significant revenue and net income growth, might have also bolstered this trend, despite a broadly flat market. NVIDIA's proactive expansions in AI and digital innovation align with industry growth forecasts, contributing positively to its market performance. Every company has risks, and we've spotted 1 possible red flag for NVIDIA you should know about. The best AI stocks today may lie beyond giants like Nvidia and Microsoft. Find the next big opportunity with these 27 smaller AI-focused companies with strong growth potential through early-stage innovation in machine learning, automation, and data intelligence that could fund your retirement. The recent collaborations NVIDIA announced, focusing on enhancing AI-powered cybersecurity and interoperability solutions, could substantially impact the company's future revenue and earnings potential. These partnerships aim to expand NVIDIA's presence in the cybersecurity and AI sectors, aligning with trends that support growth in data center and AI workloads. The quarterly price increase of 23% is influenced by these strategic alliances, adding to the company's robust performance over the past five years, where total returns reached a very large percentage. Over this longer period, NVIDIA's shares exhibited phenomenal growth, outpacing many within the broader market. Over the past year, NVIDIA's returns contrasted with the broader US market, which saw a more modest 9.9% gain. Analysts anticipate these partnerships with Tech Soft 3D and Dell Technologies, combined with NVIDIA's expansion into the automotive sector through alliances with Toyota and Uber, will positively influence revenue and earnings forecasts. With revenue at US$148.52 billion and earnings at US$76.77 billion, the projected growth trends appear promising. As analysts predict future growth trajectories, the current share price indicates expectations of further price appreciation. Based on the consensus analyst price target of US$172.65, the share price reflects a discount, highlighting potential upside. This price movement demonstrates optimism around the anticipated financial performance, driven by NVIDIA's strategic initiatives and continued innovation across its key sectors. Our valuation report unveils the possibility NVIDIA's shares may be trading at a premium. This article by Simply Wall St is general in nature. We provide commentary based on historical data and analyst forecasts only using an unbiased methodology and our articles are not intended to be financial advice. It does not constitute a recommendation to buy or sell any stock, and does not take account of your objectives, or your financial situation. We aim to bring you long-term focused analysis driven by fundamental data. Note that our analysis may not factor in the latest price-sensitive company announcements or qualitative material. Simply Wall St has no position in any stocks mentioned. Companies discussed in this article include NasdaqGS:NVDA. This article was originally published by Simply Wall St. Have feedback on this article? Concerned about the content? with us directly. Alternatively, email editorial-team@

Yahoo

2 days ago

• Yahoo

Encrypted QR Codes are here. Should workplaces be using them?

Companies go to great lengths to protect sensitive personal and financial information. But as cybercriminals become increasingly sophisticated, scams are on the rise, putting key information at risk of being compromised. Scammers often use phishing techniques to access secure data or personal information. Cybersecurity company Egress reports that QR Code scams in emails accounted for 12.4% of all phishing emails in 2023, jumping from 1.4% just a year prior. Health care, hospitality, education, and insurance industries are most likely to be targeted with phishing schemes, according to a 2024 report from cybersecurity firm KnowBe4. While companies have long been aware of email phishing scams, QR Code "quishing" (QR Code + phishing) scams have presented a new way to manipulate and deceive. Quishing targets businesses in a few ways: Instead of taking users to legitimate websites, QR Codes direct users to fake websites that may prompt them to provide banking access or enter personal information like passwords. Fake QR Codes can also prompt users to download malware onto their devices, which can wreak havoc. Phishing is one of the most common crimes, according to the Federal Bureau of Investigation's Internet Crime Complaint Center. Phishing crimes were reported nearly 299,000 times in 2023—a 161% increase since 2019, according to a 2023 report from the Bureau. Some of those scams include the ubiquitous black-and-white squares that people have hijacked in phishing scams, prompting the Federal Trade Commission to issue a warning about the risks of QR Codes in 2023. Savvy workers might assume they're not susceptible to scams, but those geometric codes, difficult to distinguish from one another, may appear more benign than a sketchy URL. "They want you to scan the QR Code and open the URL without thinking about it," Alvaro Puig, a consumer education specialist for the FTC, said in a statement. Quishing scams often leverage brand names or familiar emails to dupe busy employees. A common scam is phishing emails that impersonate Docusign. Bad actors ask people to access funds from a "funds settlement agreement" by scanning a QR Code, which points them to a fake Docusign website where they can fork over their sign-in credentials. Other common Quishing attempts include Zoom meeting invitations and HR reminders for policy reviews, according to KnowBe4. The company's research found that globally, nearly 49% of clicks on phishing links in the third quarter of 2024 purported to be emails about HR or IT matters. Consumers may be familiar with public-facing scams, such as fraudsters tricking people into sharing payment information on fraudulent websites using fake QR Codes stickered onto parking meters. Fraud investigations into fake QR Codes have been underway across the nation, with cities like Austin, Houston, and San Antonio in Texas, as well as Newtown, Massachusetts, for instance. Meanwhile, however, businesses may face a different kind of threat from within if employees aren't aware of the risks of QR Codes or if hackers infiltrate systems to access information protected by QR Codes that lack extra security. As workplaces grapple with new security threats, businesses may seek extra protective measures. Uniqode examined industry reports and news coverage to find out how new technologies like encrypted QR Codes and ink authentication can help protect workplaces from scams. Companies can protect themselves by using encrypted QR Codes to secure their links further. There are varying levels of encryption, but they generally utilize a secret decryption key that allows the scanner, typically a phone, to read the QR Code before moving forward. For example, Google experimented in 2012 with encrypted QR Codes that allowed people to log into their email from a public computer. Users could scan the QR Code on their smartphone with the approved credentials; once this decryption passed, the email on the public computer would automatically log in. QR Codes can also be password protected, requiring a code to open the link and proceed. Dynamic QR Codes allow users to add passwords that can be changed later, whereas static QR Codes, once created, stay the same. Encrypted QR Codes can be helpful in settings where the shared information requires confidentiality or added security, such as health care records, event tickets, and legal documentation. Encryption helps protect the data stored inside a QR Code so only authorized users can access it. Businesses can use encrypted information to protect confidential consumer information during a breach and as an extra safeguard against extortion. An extra layer of security to guard data from bad actors can also give companies greater peace of mind. Massachusetts Institute of Technology researchers pioneered Invisible ink authentication, an advanced security measure designed to hide QR Codes in plain sight, such as on documents, to prevent counterfeiting. Invisible QR Codes have fluorescence—so they cannot be seen by the naked eye or detected by a camera lens. Only users aware of the fluorescence can utilize a specialized filter to detect and scan the code, accessing key information securely. Another advancement is algorithm-driven anti-copy technology, which adds a layer of security to QR Codes by preventing counterfeiters from passing off knock-offs as the real thing. Unlike regular QR Codes, which can be copied or modified to point users to a fake website, anti-copy security QR Codes have a subtle watermark and use an algorithm for authentication that makes them extremely hard to fake. They're particularly useful when used in pairs for shipping a product, where the top QR Code can be used multiple times along the shipping route, but the bottom QR Code can only be used once—authenticating the product. Old-school, street-smart techniques should not be underestimated in their capacity to protect people from quishing scams. "The good news is that the way to [be] safe from this malicious activity is to use the steps we have already learned from phishing and other social engineering attacks, such as only scanning codes from trusted sources, verifying links are legitimate and looking out for other red flags," Garrett McManaway, chief information security officer of Wayne State University, wrote in a blog post. Duke University security guidelines recommend only using native QR Code scanners, checking the URL to see if the code sends the user to the anticipated website, and other website details that signal authenticity, such as a matching logo and color scheme. Another hallmark of a quishing scam is a false sense of urgency—attempts to push victims to act quickly without thinking, such as contacting someone immediately to deliver a package or log in to an account due to alleged suspicious activity. People can protect themselves by being wary. Take a moment to think before scanning, avoid short URLs, and, if it seems fishy, there's a good chance it is phishy. Story editing by Alizah Salario. Additional editing by Elisa Huang. Copy editing by Kristen Wegrzyn. Photo selection by Lacy Kerrick. This story was produced by Uniqode (Beaconstac) and was produced and distributed in partnership with Stacker.