Imagine coming home from work to find an unexpected package at your doorstep. There’s no sender information; it’s just a QR code with a note instructing you to scan it to reveal the sender. Excited, you pull out your phone, thinking a loved one might have sent you a surprise gift. But when you scan the QR code, it directs you to an unfamiliar website. Before you know it, your device might be compromised, and your personal information could be at risk.
Recently, the FTC issued a warning about this new quishing scam.
How does the scam work?
You get an unexpected package at your doorstep. The label doesn’t have information on the sender but asks you to scan it to find who sent it or to understand the return policy. When you scan the code, the following things could happen
- The QR code may redirect you to a phishing site that asks for sensitive information, such as credit card details or login credentials for important accounts.
- It might install malware on your device, giving hackers access to your device without your knowledge.
What to do if you receive an unexpected package?
If you receive an unexpected package on your doorstep, here’s what you should do.
1. Verify the Sender
- If you think the package might be from a legitimate sender, verify with family, friends, or retailers you’ve shopped with. If the sender is still unknown, handle the package with caution.
- If the sender remains unknown, treat it with caution, and don’t scan the QR Code.
2. Dont scan the QR Code
- If the sender remains unknown, don’t scan the QR Code as it could be a phishing attempt or malware distribution method.
3. Return to sender or keep the package
- If the package is unopened and includes a return address, mark it as ‘Return to Sender’ and take it to your local post office.
- You can also keep any unsolicited merchandise sent to you without any obligation to return it or pay for it.
What to do if you scan the QR Code?
1. Change your passwords
- If you scanned the QR code and entered your login credentials on a website, change your password immediately. Use a strong, hard-to-guess password and enable two-factor authentication for added security.
2. Freeze your credit card
- If you entered your credit card details, consider taking additional steps, such as freezing your card or regularly tracking your statements for fraudulent transactions.
3. Report identity theft
If you suspect identity theft, report it and create a personal recovery plan at IdentityTheft.gov