Cybercriminals are exploiting QR codes in unexpected packages to steal personal data or install malware.
You may be familiar with QR codes. They are square black-and-white barcodes that you can scan with your phone’s camera to be instantly directed to a website or mobile app. Unfortunately, cybercriminals can use QR codes to their advantage. This scam begins when you receive a package in the mail that you weren’t expecting. There’s no return address or sender information, but a QR code is printed on the box.
The package, which contains an item of little to no value, is just a trick to get you to scan the code. It was sent by cybercriminals, who hope you will be tempted to scan the code to find out where the package came from. If you scan the QR code, you’ll be taken to a fake website and asked to enter your personal information so that cybercriminals can steal it. The website could even secretly install malware on your device!
Tips to Stay Safe
Follow these tips to avoid falling for this QR code scam:
- Be suspicious of any package you receive that you didn’t order, especially if it has no sender information.
- Never scan a QR code from a source you don’t recognize or trust. Cybercriminals can use them to send you to malicious websites.
- Be careful about allowing websites and apps to access your phone’s data after scanning a code. Cybercriminals can use these websites and apps to steal your data or download malware to your device.
Stop. Look. Think. And don’t be fooled.

Tips of the Week Brought to You By Our Partners at KnowBe4