Last week, Ranga Bodla, Vice President for Field Engagement and Marketing of NetSuite, invited me to observe a panel discussion hosted by the Chicago CFO Leadership Council in which he and other experts discussed “Generative AI and Cyber Security Essentials.” The lively discussion went way past its scheduled time but no one left because it was so interesting.
And scary.
Panelist Mishaal Khan, Cybersecurity Lead at technology consulting firm Mindsight alarmed the crowd (that’s his job) with tales of AI-enabled skullduggery, but the crime trend that drew the loudest gasps was the growing use of QR codes to swindle unsuspecting victims. While not nearly as complex to execute as AI crimes (like those I covered in this article), the ubiquity of the common QR code makes it an ideal way to catch innocent folk while their guards are down and their phones are up.
Here are some common QR code scams
You park your car and scan the QR code to pay for your time. The website comes up, you enter your credit card information and leave. While you’re running errands, thieves are gleefully maxing out your AMEX using the information you conveniently provided to their fake website. How did that happen? Simple, they put a sticker over the QR code on the parking lot sign and steered you to their fake website that happens to look just like the real one. By the way, you now have a parking ticket, since you didn’t really pay for a spot; you just thought you did. Ouch.
You get an email with a QR code in it, and you use it. This is a current favorite of the corporate hacker crowd. It’s increasingly difficult to get phishing emails past IT security but a QR code is an image. That means the cybersecurity software can’t evaluate it for risk; even the text is part of the image so your email client can’t scan that, either. The email may look like it’s from a credible organization (think: Microsoft asking you to reset a password; your bank asking you to verify a transaction.) Once you share your credentials, bad things happen, ranging from emptying your bank account to using your email account to wire new, fraudulent ACH deposit instructions to your customers.
You receive snail mail with a QR code printed on it. This is the printed version of the email scam and there are many variations. Perhaps it’s an offer for a free or heavily discounted product; just scan the QR code to redeem! Or a “New Product Test Invitation” from Amazon. Or maybe it’s a blank card with a QR code in it; it’s hard to resist scanning that!
You are approached by a person on the street who asks you for money and holds out his phone for you to scan a code. You can guess where this is headed, right?
How to Avoid QR Code Scams
First, absolutely never scan a QR code sent you via email or text. It’s just a suspicious thing; why send a QR code when you can send a link? Here’s why: You cannot click on a QR code with your laptop, which of course is configured by IT security to help avoid bad links, etc. You must use your phone, which is much more vulnerable.
Second, when you point your phone at a QR code, study the preview of the link that pops up before you keep going. Authentic websites tend to start with “https” while fakes show up as “http.” No ‘s’? No scan.
Third, before scanning any QR code posted in public, inspect it to see if it looks added-on or somehow not quite right.
Fourth, stop scanning QR codes! Or at least, never use them unless there’s no alternative.
It’s hard to stay ahead of the cybercriminals these days, and the corruption of the once-loveable QR code is but the latest trend. There will be more. If you want to learn about AI-related risks, attend our upcoming live event, “Applied AI for Distributors” on Oct. 3-5 in Chicago. Among many other top-notch presentations, you don’t want to miss the talk by Lin Chase, Ph.D., titled, “10 Easy Tips for How to Use AI to Destroy Everything You’ve Built.”
This is the first-ever live event dedicated to AI for distributors. Thought leaders from some of the most admired distributors in the world are attending. Can you afford to fall behind in your understanding and adoption of AI?
I hope to see you in Chicago.
Sources used in this article:
Ian Heller is the Founder and Chief Strategist for Distribution Strategy Group. He has more than 30 years of experience executing marketing and e-business strategy in the wholesale distribution industry, starting as a truck unloader at a Grainger branch while in college. He’s since held executive roles at GE Capital, Corporate Express, Newark Electronics and HD Supply. Ian has written and spoken extensively on the impact of digital disruption on distributors, and would love to start that conversation with you, your team or group. Reach out today at iheller@distributionstrategy.com.