Federal authorities warn that scammers are sending unexpected packages containing QR codes that can lead to identity theft and malware, exploiting curiosity to trick victims into revealing personal information.
Scammers are increasingly using QR codes in a new scheme that involves sending unexpected packages to unsuspecting individuals. These packages contain QR codes that, when scanned, can redirect victims to fraudulent websites or download malicious software designed to steal sensitive information.
Once considered a convenient tool for checking menus or making payments, QR codes have now become a weapon in the hands of criminals. The latest warning from federal authorities highlights the extent of these tactics, which include fake delivery texts, counterfeit payment links, and malicious codes that replace legitimate ones.
In this latest scam, criminals send packages that recipients never ordered. Inside these boxes is a QR code that, when scanned, can lead to stolen personal details, drained bank accounts, or malware that operates silently in the background of a victim’s phone.
The FBI has issued a public notice regarding this scam, stating, “The FBI warns the public about a scam variation in which criminals send unsolicited packages containing a QR code that prompts the recipient to provide personal and financial information or unwittingly download malicious software that steals data from their phone.” The agency notes that scammers often ship these packages without sender information to entice victims into scanning the QR code.
This scheme is a variation of what is known as a brushing scam. Traditionally, brushing scams involved online sellers sending products to strangers and then using the recipients’ details to post fake reviews. While brushing scams were more of a nuisance, this new approach has escalated to deliberate fraud. Instead of receiving a product, victims often find only a printed QR code that leads to fraudulent websites asking for sensitive personal information, such as banking details, credit card numbers, or login credentials.
Some QR codes go even further, installing malicious software that can track activity and steal data directly from the device. The consequences of falling victim to such scams can be severe, as fake websites may harvest names, addresses, and financial details, while malware can monitor accounts, log keystrokes, or even target cryptocurrency wallets. Often, victims do not realize they have been compromised until they notice unauthorized charges or suspicious withdrawals, by which time their information may already be in the hands of criminals.
Scammers exploit curiosity and convenience to trick individuals into scanning malicious QR codes. To avoid becoming a target, it is essential to adopt a few simple habits. First, avoid scanning QR codes from mystery deliveries, random flyers, or stickers on public signs. A QR code is essentially a disguised link, and until you know where it leads, it should not be trusted.
Even if you accidentally scan a risky code, keeping strong antivirus software on your phone can help. Mobile security apps can block fraudulent sites, warn you before downloads, and protect against malicious QR code attacks. It is also advisable to scan QR codes only from businesses and organizations you already trust, such as your bank’s mobile app or a known retailer’s checkout page.
Most smartphones allow users to press and hold a QR code link to preview where it leads. If the URL appears suspicious—featuring misspellings, random numbers, or shortened links—do not open it. Taking a moment to check can save you from falling into a phishing trap.
Additionally, the less personal data available about you online, the harder it is for scammers to target you with convincing fraud attempts. Consider using data removal services that scrub your information from people-search sites and marketing databases. While no service can guarantee the removal of all your data from the internet, utilizing a removal service can help you monitor and automate the process of eliminating your information from numerous sites over time.
Even if your login details are compromised, two-factor authentication (2FA) can make it more difficult for criminals to access your accounts. By requiring a secondary code sent to your phone or generated through an authenticator app, 2FA adds an extra layer of security to your banking, email, and trading accounts.
Regular software updates are also crucial, as they often contain fixes for security vulnerabilities that scammers may exploit. Keeping your phone’s operating system and apps up to date provides stronger protection against malware that can be delivered through malicious QR codes.
If you receive an unexpected package containing a QR code, do not simply discard it. Report it to local authorities and consider filing a complaint with the FBI’s Internet Crime Complaint Center. Reporting these incidents not only helps protect you but also provides law enforcement with valuable information to track the spread of these scams.
While this scam may not be widespread yet, it illustrates how quickly criminals can adapt to new technology. QR codes were intended to simplify life, and they often do, but that convenience can become a vulnerability when curiosity overrides caution. The key takeaway is that a mystery package with a QR code is not a fun puzzle to solve; it is a red flag. The safest course of action is to resist the urge to scan and report any suspicious packages instead.
Source: Original article