QR codes may be a gateway to identity theft, FTC warns

cnbc.com:

You may want to think twice before scanning that QR code.

The codes — a digital jumble of black and white squares, often used for storing URLs — have become seemingly ubiquitous, found on restaurant menus and in retail stores, for example. However, they can pose risks for the unwary, the Federal Trade Commission warned Thursday.

About 94 million U.S. consumers will use smartphone QR scanners this year, according to a projection by eMarketer. That number that will grow to 102.6 million by 2026, it said.

There are countless ways to use them, which explains their popularity, according to Alvaro Puig, an FTC consumer education specialist, in a consumer alert.

«Unfortunately, scammers hide harmful links in QR codes to steal personal information,» Puig said.

More from Personal Finance:
IRS rejects more than 20,000 refund claims for pandemic-related tax credit
Credit card debt is biggest threat to building wealth, poll finds
Not saving in your 401(k)? Your employer may re-enroll you

Here's why that matters: Identity thieves can use victims' personal data to drain their bank account, make charges on their credit cards, open new utility accounts, get medical treatment on their health insurance and file a tax return in a victim's name to claim a tax refund, the FTC wrote in a separate report.

Some criminals cover up the QR codes on parking meters with a code of their own, while others send codes by text message or email and entice victims to scan them, the FTC said in its consumer alert.

The scammers often try to create a sense of urgency — for example, by saying a package couldn't be delivered and you need to reschedule, or that you need to change an account password due to suspicious activity — to push victims to scan the QR