Patna: A new online scam involving QR codes is spreading quickly across the world, and cybersecurity experts say even one careless scan can put your personal information, bank details and social media accounts in danger. Security researchers from Microsoft have warned that hackers are now using fake QR codes hidden inside emails, PDF files and login pages to trick people into sharing sensitive information. These scams are becoming more common because QR codes are now used daily for payments, restaurant menus, tickets and app logins, making them appear safe and trustworthy to most users.
According to experts, hackers are sending professional-looking emails that pretend to come from office HR teams, IT support departments or company managers. These emails often create panic by claiming there is an urgent account problem, a compliance issue or a password that needs immediate updating. Instead of sending suspicious website links, attackers place QR codes inside the email and ask users to scan them using their phones. Once scanned, the code opens a fake website that looks almost identical to a real login page. Users unknowingly enter their usernames and passwords, which are then directly stolen by hackers.
Researchers say the scam has already targeted thousands of people across companies worldwide. Microsoft’s cybersecurity team reported that more than 35,000 users connected to around 13,000 organisations have already been affected or targeted by such attacks. Experts believe the scam works because many people trust QR codes more than links and do not stop to verify where the code is leading them. In several cases, hackers have also used fake CAPTCHA verification pages and PDF attachments to make the scam look more convincing and professional.
Cybersecurity experts are now advising people to be extra careful before scanning any QR code received through email or unknown messages. Users should always check the sender’s identity carefully and avoid acting in panic when an email demands urgent action. Experts also recommend keeping mobile phones and laptops updated with the latest security software to reduce the risk of malware attacks. People are also encouraged to use two-factor authentication on important accounts because it adds an extra layer of security against hackers.
If someone accidentally scans a suspicious QR code, experts say immediate action can help reduce the damage. Users should disconnect their device from the internet and quickly change the password of any account they may have logged into after scanning the code. They should also monitor their bank accounts, emails and social media profiles for unusual activity. In serious cases, cybersecurity professionals recommend resetting the device to factory settings because some scams may secretly install harmful apps in the background without the user noticing.
