A QR code is a scannable image that leads to a specific website. More and more businesses are using QR codes. For example, some restaurants use QR codes instead of physical menus. As QR codes become more popular, cybercriminals are also using them for their malicious purposes.
In a recent scam, cybercriminals sent phishing emails disguised as multi-factor authentication (MFA) messages. The email instructs you to scan the QR code to enable MFA on your device. If you scan the QR code, you’ll be taken to a spoofed login page. If you enter your login credentials, cybercriminals could gain access to more of your sensitive information.
Follow the tips below to stay safe from similar scams:
- Think before you scan a QR code. Cyberattacks are designed to catch you off guard and trigger you to scan impulsively.
- When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.
- Be cautious before entering any login information on a website from a QR code. Instead, navigate directly to the official website.