Scan or scam? Criminals increasingly use QR codes to trick users

China 24

Scan or scam? Criminals increasingly use QR codes to trick users

QR codes, or Quick Response codes, are designed to make our lives a little easier. They’re especially popular in China and elsewhere in Asia.

But like other forms of technology — they’re becoming vulnerable to scammers.


CGTN’s Frances Kuo shows us how users are being targeted.

A QR code is a 2-D barcode, made up of black and white squares, that stores encoded information. When the code is scanned, the user is taken to a website.

They are used for everything, from grocery shopping to renting bikes in China. The latter is one of the ways criminals have been operating, by covering QR codes with stickers bearing fake codes.

“There are actually tools you can download right on the Internet or even off the Internet without downloading anything that will let you make a QR code of your own,” Matthew Green, Assistant Professor of Computer Science at Johns Hopkins University in Baltimore, Maryland said.

“When you scan a QR code, you have no idea where it’s going to take you. It could take you to a malicious website that might try to install a virus on your phone,” added Green.

Scammers can then steal private information – and money – from a user’s phone or account. Recently, in the southern city of Guangzhou, reports say more than $14 million were stolen from people via fake QR codes.

“Unfortunately, the problem with all computer security, is that criminals evolve too,” said Green. “And so whatever technologies we’ve come up with to stop them, the criminal will find a way to get past them with new QR codes they can use against us.”

The problem with a QR code is that you can’t tell by looking at it whether it’s legit. But there are steps you can take to protect yourself.

“When you scan a QR code and takes you to a website, look at what that website is,” advises Green. “If you’re scanning an Amazon package and it says amazon.com., that’s a good sign. If it says evilcompany.com or any other URL that’s not the URL you intended to go to, treat it the same way you would treat a random e-mail.”

Some social media sites like WeChat have a security feature that help weed out the good and bad QR codes.

Despite the risks, QR codes remain popular in China.

According to the China Internet Network Information Center, nearly half of respondents in one survey who use the messaging service WeChat said they use QR codes. They’re the sixth most popular activity after social chatting and subscribing to product or service channels.

In the United States, use of QR codes is growing. Statistics from research company, Nielsen Scarborough show the number of internet users who scanned a QR code within the last month jumped 56 percent – from more than 16 million in 2013 to more than 25 million in 2016.


Christopher Bray talks about QR code scams

For more on QR code scams, CGTN’s Mike Walter spoke to cyber security expert Christopher Bray.