In early December 2023 the United States Federal Trade Commission issued a statement (see below for the full text) regarding the use and mis-use of QR codes. The Seybold Report first started writing about the incorporation of QR codes in print and digital projects nearly 20 years ago, and today the graphic arts industry routinely uses them and advises customers to use them. We have some suggestions for how the industry (including printers, publishers, and graphic artists) should react to the growing use of QR codes for illegal and nefarious purposes.
- We would like to see the industry become proactive in this issue, rather than reacting to whatever is happening. In other words, get out in front and do something to help rather than following behind muttering and sputtering about it. Technology can be used to help make QR code user safer. Let’s do that.
- We would also like to see the industry be open about the possibilities for mis-use, which opens up the door to then talking about what the industry is doing to prevent or mitigate the potential for mis-use. For example, something as simple as making sure customers who use QR codes get a copy of the statement below along with a letter reassuring them how they can prevent such issues.
For example, underneath the QR code on a printed document there could be an image of the website which should appear when the document is scanned and the correct URL. Or, the document could say, “We will never send you an email containing a QR code. If you get such an email, do not click on the code or any links in the email and contact us immediately.”
In other words:
- acknowledge the threats,
- educate customers,
- work with others in your industry and the technology industry to combat QR code mis-use, and
- develop and employ effective counter-measures.
If your company is involved in any of these activities including educating customers and employing counter-measures, we would like to hear about what you are doing and how you are doing it. We would very much like to write about these efforts in the Seybold Report.
QR codes seem to be everywhere. You may have scanned one to see the menu at a restaurant or pay for public parking. And, you may have used one on your phone to get into a concert or sporting event, or to board a flight. There are countless other ways to use them, which explains their popularity. Unfortunately, scammers hide harmful links in QR codes to steal personal information. Here’s what to know.
- they lie and say they couldn’t deliver your package and you need to contact them to reschedule;
- they pretend like there’s a problem with your account and you need to confirm your information; and
- they lie, saying they noticed suspicious activity on your account, and you need to change your password.
These are all lies they tell you to create a sense of urgency. They want you to scan the QR code and open the URL without thinking about it.
A scammer’s QR code could take you to a spoofed site that looks real but isn’t. And, if you log in to the spoofed site, the scammers could steal any information you enter. Or, the QR code could install malware that steals your information before you realize it.
So how can you protect yourself?
United states federal trade commission statement, december 6, 2023
- If you see a QR code in an unexpected place, inspect the URL before you open it. If it looks like a URL you recognize, make sure it’s not spoofed — look for misspellings or a switched letter.
- Don’t scan a QR code in an email or text message you weren’t expecting — especially if it urges you to act immediately. If you think the message is legitimate, use a phone number or website you know is real to contact the company.
- Protect your phone and accounts. Update your phone’s OS to protect against hackers and protect your online accounts with strong passwords and multi-factor authentication.