Kingston Police warn of new scam involving QR codes

Kingston Police are warning the public of yet another recent scam, this time involving QR codes in phishing emails.

“A QR code is a scannable image that leads to a specific website,” Kingston Police explained. “More and more businesses are using QR codes. For example, some restaurants use QR codes instead of physical menus. As QR codes become more popular, cybercriminals are also using them for their malicious purposes.”

According to a media release, the recent scam sees cybercriminals send phishing emails disguised as multi-factor authentication (MFA) messages. The email instructs the recipient to scan the QR code to enable MFA on a device.

“If you scan the QR code, you’ll be taken to a spoofed login page. If you enter your login credentials, cybercriminals could gain access to more of your sensitive information,” police said.

Kingston Police provided the following tips to stay safe from similar scams:

• Think before you scan a QR code. Cyberattacks are designed to catch you off guard and trigger you to scan impulsively.
• When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.
• Be cautious before entering any login information on a website from a QR code. Instead, navigate directly to the official website.

“Stop, look, and think. Don’t be fooled by the scammers,” police said.