QR Codes and Fraud: What You Need To Know

February 28, 2022

They’re everywhere these days. On restaurant tables. On posters. Millions of people watched one float around the screen on a Super Bowl ad. They’re even on a few pieces of Allied Healthcare Federal Credit Union material. They’re QR codes, the scannable barcode that has exploded during the pandemic as businesses increasingly provided touchless experiences, and they aren’t going away.

As QR interactions have grown 94% over the last three years, cybercriminals are trying to exploit this phenomenon, using modified QR codes to trick consumers into sharing confidential information that can be used to steal funds or identities.

Here’s what you need to know.

THE PROBLEM:
Cybercriminals attempt to lure victims into giving up confidential information by tampering with QR codes that send victims to what look like legitimate sites but are traps to collect information like bank logins or social security numbers. Malicious QR codes may also contain embedded malware, allowing criminals to gain access to your mobile device and location.

WHAT TO DO:
You can protect yourself by checking that the website that the QR code links to is authentic (your phone’s camera provides a preview of the link when you scan the code). Look for a correctly spelled URL that is simple and straightforward. QR codes that Allied Healthcare FCU uses will always lead members to ahfcu.org or a page under that domain so a QR code that sends a user to domain that is spelled slightly differently (a1fcu.org) or with a different prefix (ahfcu.com or ahfcu.net) are not legitimate. If you see a QR code on a piece of printed material, make sure it hasn’t been tampered with or covered over with a sticker. The camera on most smartphones has an automatic QR code reader so there is never a need to download a separate QR code reading app which are often fake applications carrying malware.

OUR QR THOUGHTS:
Your security is our priority and Allied Healthcare Federal Credit Union will never stray from best practices for keeping your finances safe. We use QR codes sparingly and when we do, they will always be printed directly on a piece of Allied Healthcare FCU material (look out for a QR code sticker overlaid onto a poster or a flyer, that may be a sign of a corrupted code) and our codes will only lead you to a page on ahfcu.org. Further, we never ask members to download a QR code app nor will a legitimate Allied Healthcare QR code ever be emailed to you or prompt you to provide your personal, confidential information. We use them to point members to new features or products that don’t require sharing information.

QR codes are a convenient way to deliver information but, like practically every aspect of the digital world, they are subject to bad actors. To learn more about how to spot QR code fraud, enjoy this resource.