Skip to content

Thought Leadership for Wholesale Change Agents

  • Articles
    • AI in Distribution
    • Digital Strategy
    • B2B eCommerce
    • Distribution Marketing
    • Distribution Sales Strategy
    • Distribution Technology
    • Distribution Industry News
    • Technology News
  • News
  • Programs
    • Upcoming Programs
    • On-Demand Programs
    • Wholesale Change Show
    • On-Demand Wholesale Change Shows
    • The Discerning Distributor
    • Calendar
  • Reports
  • Speaking
  • Software
Menu
  • Articles
    • AI in Distribution
    • Digital Strategy
    • B2B eCommerce
    • Distribution Marketing
    • Distribution Sales Strategy
    • Distribution Technology
    • Distribution Industry News
    • Technology News
  • News
  • Programs
    • Upcoming Programs
    • On-Demand Programs
    • Wholesale Change Show
    • On-Demand Wholesale Change Shows
    • The Discerning Distributor
    • Calendar
  • Reports
  • Speaking
  • Software
Join Our List
Home » Distribution Technology » Don’t Scan into a Scam: QR Codes a Growing Cyber Risk

Date

  • Published on: September 22, 2023

Author

  • Picture of Ian Heller Ian Heller

Related

What Every Distributor Should Know About Artificial Intelligence

Will AI Make Change Management Easier – or More Difficult?

How Price Decreases Can Imperil Distributor Profitability

Share

Distribution Technology

Don’t Scan into a Scam: QR Codes a Growing Cyber Risk

The ubiquitous QR code brings convenience – to criminals

Last week, Ranga Bodla, Vice President for Field Engagement and Marketing of NetSuite, invited me to observe a panel discussion hosted by the Chicago CFO Leadership Council in which he and other experts discussed “Generative AI and Cyber Security Essentials.” The lively discussion went way past its scheduled time but no one left because it was so interesting. 

And scary.

Panelist Mishaal Khan, Cybersecurity Lead at technology consulting firm Mindsight alarmed the crowd (that’s his job) with tales of AI-enabled skullduggery, but the crime trend that drew the loudest gasps was the growing use of QR codes to swindle unsuspecting victims. While not nearly as complex to execute as AI crimes (like those I covered in this article), the ubiquity of the common QR code makes it an ideal way to catch innocent folk while their guards are down and their phones are up. 

Here are some common QR code scams 

You park your car and scan the QR code to pay for your time. The website comes up, you enter your credit card information and leave. While you’re running errands, thieves are gleefully maxing out your AMEX using the information you conveniently provided to their fake website. How did that happen? Simple, they put a sticker over the QR code on the parking lot sign and steered you to their fake website that happens to look just like the real one. By the way, you now have a parking ticket, since you didn’t really pay for a spot; you just thought you did. Ouch.  

You get an email with a QR code in it, and you use it. This is a current favorite of the corporate hacker crowd. It’s increasingly difficult to get phishing emails past IT security but a QR code is an image. That means the cybersecurity software can’t evaluate it for risk; even the text is part of the image so your email client can’t scan that, either. The email may look like it’s from a credible organization (think: Microsoft asking you to reset a password; your bank asking you to verify a transaction.) Once you share your credentials, bad things happen, ranging from emptying your bank account to using your email account to wire new, fraudulent ACH deposit instructions to your customers.  

You receive snail mail with a QR code printed on it. This is the printed version of the email scam and there are many variations. Perhaps it’s an offer for a free or heavily discounted product; just scan the QR code to redeem! Or a “New Product Test Invitation” from Amazon. Or maybe it’s a blank card with a QR code in it; it’s hard to resist scanning that!  

You are approached by a person on the street who asks you for money and holds out his phone for you to scan a code. You can guess where this is headed, right?  

How to Avoid QR Code Scams 

First, absolutely never scan a QR code sent you via email or text. It’s just a suspicious thing; why send a QR code when you can send a link? Here’s why: You cannot click on a QR code with your laptop, which of course is configured by IT security to help avoid bad links, etc. You must use your phone, which is much more vulnerable.  

Second, when you point your phone at a QR code, study the preview of the link that pops up before you keep going. Authentic websites tend to start with “https” while fakes show up as “http.” No ‘s’? No scan.  

Third, before scanning any QR code posted in public, inspect it to see if it looks added-on or somehow not quite right.  

Fourth, stop scanning QR codes! Or at least, never use them unless there’s no alternative.  

It’s hard to stay ahead of the cybercriminals these days, and the corruption of the once-loveable QR code is but the latest trend. There will be more. If you want to learn about AI-related risks, attend our upcoming live event, “Applied AI for Distributors” on Oct. 3-5 in Chicago. Among many other top-notch presentations, you don’t want to miss the talk by Lin Chase, Ph.D., titled, “10 Easy Tips for How to Use AI to Destroy Everything You’ve Built.”  

This is the first-ever live event dedicated to AI for distributors. Thought leaders from some of the most admired distributors in the world are attending. Can you afford to fall behind in your understanding and adoption of AI?  

I hope to see you in Chicago.  

Sources used in this article: 

  • YouTube: ABC News: New Scam Alert 
  • CNET: QR code scams are on the rise Here’s how to avoid getting duped. 
  • City National Bank: What You Need to Know About QR Code Fraud 
  • NBC TV Boston: Think Before You Scan – Scammers Can Use QR Codes to Steal Your Information 
  • Microsoft: Five common QR code scams 
  • VPN Overview: QR Code Fraud: What is it and How Can You Protect Yourself 
Avatar
Ian Heller
Website

Ian Heller is the Founder and Chief Strategist for Distribution Strategy Group. He has more than 30 years of experience executing marketing and e-business strategy in the wholesale distribution industry, starting as a truck unloader at a Grainger branch while in college. He’s since held executive roles at GE Capital, Corporate Express, Newark Electronics and HD Supply. Ian has written and spoken extensively on the impact of digital disruption on distributors, and would love to start that conversation with you, your team or group. Reach out today at iheller@distributionstrategy.com.

Leave a Comment Cancel Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Get inspired to act now. Get our content in your inbox 2x/week.

subscribe
Facebook-f Linkedin-in Twitter

Useful Links

  • About
  • Sponsorships
  • Consulting
  • Contact
  • About
  • Sponsorships
  • Consulting
  • Contact

Policies & Terms

  • Terms
  • Distribution Strategy Group Privacy Policy
  • Cookie Policy
  • Terms
  • Distribution Strategy Group Privacy Policy
  • Cookie Policy

Get In Touch

  • 303-898-8636
  • contact@distributionstrategy.com
  • Boulder, CO 80304 (MST/MDT)

© 2025 Distribution Strategy Group