QR codes with their square barcode regained their popularity when the pandemic began because consumers found them easy to use and businesses did not have to worry about contamination from contact.

Many companies, especially restaurants started using QR or Quick Response codes and swapped them out for menus since customers could scan them from their smartphones within a few seconds. Other industries adopted QR codes for coupons, bills or to learn more information about a topic or person. Coinbase ( (COIN) ), the cryptocurrency exchange platform, even shelled out nearly $14 million for a 30-second Super Bowl commercial in January that only featured a QR code.

As demand for QR codes rose, cybersecurity criminals also noticed the opportunity to steal personal or financial data from a consumer and earn a quick payday.

“Anything consumers will use and trust will eventually be used by hackers,” John Bambenek, principal threat hunter at Netenrich, a San Jose, California-based digital IT and security operations company, told TheStreet. “Criminals will use anything they can to steal a buck.”

Hackers are tampering with QR codes because their use has become widespread and tampering with them is simple, Hank Schless, senior manager, security solutions at Lookout, a San Francisco.-based security service edge provider, told TheStreet. Some contain malicious links embedded with malware so cybercriminals can easily obtain your data such as credit card information or social security number.

QR codes have made a resurgence since the pandemic, including event registration. They are just “another tactic hackers are using to get past traditional security services much like smishing where fraudulent text messages are sent from what appears to be a real company or phishing in Microsoft Teams, and Zoom,” Patrick Harr, CEO of SlashNext, a Pleasanton, Calif.-based anti phishing company, told TheStreet.

HOW TO SCAN QR CODES SAFELY?
Consumers believe scanning QR codes are harmless, but they are actually “inherently untrustworthy,” Casey Ellis, CTO at Bugcrowd, a San Francisco-based crowdsourced cybersecurity company, told TheStreet.

“COVID has brought them into use cases where they are highly trusted,” he said. “Once you've gotten used to scanning a QR without thinking about it from a security standpoint, it becomes a pretty attractive payload delivery vehicle for attackers.”

Fraudsters are often one step ahead and devious in their strategies to lure unsuspecting people into scanning or clicking on a link. QR codes are used to sign into accounts, exchange contact information and make money transfers or provide contactless pay options.

QR phishing attacks are on the rise because they require so little effort to be successful. For one, the codes are physical displays, meaning a harmless one can easily be covered with a nefarious one that brings users to a malicious website. This makes it easy for cybercriminals to “display” the legitimate site that steals login credentials or installs malware.

Phishing is a common type of threat where hackers pretend to send emails from legitimate companies and ask for personal data.

“Threat actors have found that QR codes are one of the most effective ways to deliver malicious links so you need to understand that while QR codes make contactless interactions seamless, they also make it easy for attackers to send you malicious links,” Schless said. “Once a credential is stolen, it makes it easy for attackers to steal personal and corporate data alike."