Imagine a plain brown box showing up at your front door with no indication of who or where it came from. The box is topped by a small white envelope with a card inside. In elegant script the card reads: Scan the QR code to see who sent you this gift! So you scan it. Congratulations – you’ve just given scammers access to everything on your smartphone.
I wish this story was a work of fiction but some day soon it could be coming to a doorstep near you. The gift box scam worked on my son’s friend and frankly I can’t say that it wouldn’t have worked on me. If someone sent you a gift and they wanted it to be a surprise, would the situation look much different than what I just described? Would you scan the QR code?
I can’t explain how the simple scan of a QR code translates to the hack of a smartphone, but technology far outpaces my understanding of its capabilities these days. My first reaction to this story was to check my phone apps to make sure any “data-sensitive” ones were password-protected. My next reaction was to wonder if I could ever trust a QR code again.
Here’s a second bit on hacking, also passed along by my son. He said scammers now prey on public parking lots. Many of these lots use pay-by-app technology and the app can be downloaded onsite by scanning a QR code. Scammers simply place their own sticker over the one you’re supposed to scan and presto! – you’ve unknowingly given some level of data access to thieves. It reminds me of gas station scams where the pump credit card reader is retrofitted with a device capable of collecting your card’s data.
By comparison email and text scams now seem pedestrian, but boy-howdy they keep trying don’t they? I got one just last week claiming I have a “USPS parcel being cleared, but the parcel is temporarily detained due to an invalid zip code”… and I’m supposed to click on a link so I can correct the zip code. These phishing messages are so common they’ve become easy to spot, whether from the broken English or from the bizarre originating email address. Phishing reminds me of those long-ago Nigerian princes who sought our help in exchange for “large sums of money”.
At least I’m not a head-over-heels fan of Brad Pitt. Last month two women were scammed out of hundreds of thousands of dollars by five people in Spain, posing collectively as the actor in an online conversation. The fraudsters were arrested, but you have to wonder about the naivety of people these days. Do you really believe Brad Pitt would contact you to invest in one or two of his projects? More importantly, would you invest this kind of money with anyone without meeting them in person first?
All of this hack-yacking brings to mind the 1970s counterculture bestseller Steal This Book. From the title you’d expect to read about tricks of the hacking trade but it was a different topic entirely. Steal This Book gave step-by-step instructions on how the average American could get free services and products courtesy of the federal government’s welfare programs. The book was intended as a sort of protest against the powers-that-be, written by a well-known activist of the time.
[Side note: Steal This Book also explained how to create (underground) radio broadcasting and printing presses, start (non-violent) demonstrations, and make bombs with household materials. You can still buy the book but I’m guessing the section on bombs has been removed. And don’t ask me how many copies of the book were actually stolen.]
The FBI’s website lists eighteen categories of common frauds and scams. The examples I shared above fall under just one of these categories: “skimming”. Some of the other categories are even more disheartening, like “holiday”, “elder”, or “romance”. Collectively it’s a sad statement about the world we have to deal with. So be skeptical, I tell you. That unexpected gift at your front door is probably not a gift at all. That QR code may create a connection you don’t want. And “Brad Pitt”? He has no interest in doing business with you. He only wants your money.
Some content sourced from Wikipedia, “the free encyclopedia”.
Life In A Word 
I didn’t know about the parking lot scam and yet I can see how it could happen. Thanks for the head’s up. I was vaguely aware of something going with Brad Pitt but like you said it sounded so contrived, appealing to naive people, that I didn’t read about it in depth. He’ll never be contacting me, you can take that to the bank.
LikeLiked by 1 person
I’ll never look at at QR code the same way again, sigh…
LikeLiked by 1 person
What a world. Predators, in one form or another, abound.
LikeLiked by 1 person
They sure keep up with technology, don’t they?
LikeLiked by 1 person
Smart phones are not as smart as we hoped they would be!
LikeLiked by 1 person
Yes, this business about a QR code allowing access to everything in your phone bothers me. I’m hoping the victims of this theft simply didn’t protect their data-sensitive apps on their phones.
LikeLiked by 1 person
Wow. I just shared this with several people. Good info to have! Thanks, Dave. So scary that people do this. And sad.
LikeLiked by 1 person
Yes, this post struck me as a PSA of sorts, Betsy. I could probably advertise a scam a week the same way you pose your regular trivia questions. But trivia is just so much more fun… 🙂
LikeLiked by 1 person
True that scam info isn’t fun, but it’s far more important than trivia!
Not saying that you SHOULD do the weekly PSA, but just sayin’ in general. 🙂
LikeLiked by 1 person
Thanks for sharing. It’s upsetting to think we can’t “trust” anything anymore. That we must be constantly questioning and looking over our shoulder for scammers.
LikeLiked by 1 person
Yes, and that lack of trust has me keeping my financial setup as simple as possible. Few accounts, few credit cards, low balances, etc. It’s almost as if you have to assume you’re going to get hacked at some point.
LikeLiked by 1 person
I’ve heard about that scam! Luckily it didn’t happen to us or I probably would’ve scanned it. We’ve been getting so many packages between the shower and just getting everything ready for the baby. It’s sad people are taking advantage of random people like that.
LikeLiked by 1 person
The gift boxes were a new one on me, Lyssy. As I told another reader, I could probably add a weekly scam warning to each of my posts and never run out of material. The complete lack of conscience in these people boggles my mind.
LikeLike
One of the few good things about being so far behind the times. I don’t scan QR codes.
LikeLiked by 2 people
Interesting, just this morning I was reading about a parking lot scan like this in San Francisco. They put out a press release and everything. Don’t know if they made any arrests yet. The scammers are getting bolder by the day.
LikeLiked by 1 person
Interesting as to the QR code and yes, curiosity would likely get the best of most of us when presented with a free gift. But I get so many scam offers in my e-mail, that don’t always go to SPAM, that my “deleting finger” gets tired and I am more aware than ever about these scams. Hovering your mouse over the name is helpful as I see scams that appear to originate from Xfinity, my IP, that look very legit, except for the telltale oddball sender’s e-mail address. I was thinking as I read about the QR code, it reminded me of the skimmers at gas stations, then you mentioned it. I read that a local Kroger store had issues recently where people using the U-scan and putting in a debit card, suddenly had a stranger come up close to them on the pretense of being the next in line after they finished checking out. What they really did was use a tiny “reader” which photographed your debit card, giving them access to your account and pin number – voila, the account was emptied in record time. It’s a scary world we live in these days.
LikeLiked by 1 person
A credit card seems entirely vulnerable these days, even with embedded chip technology. The numbers are right there in plain view! Wouldn’t surprise me if we’re all using our phones within a year or two for payments instead of physical cards (kind of like how cash is being phased out). Then at least your “photographer” wouldn’t have a chance of collecting your data.
LikeLiked by 1 person
It’s scary isn’t it Dave? The phasing out of cash began in earnest early in the pandemic (“dirty/germy money”). I only use cash at the car wash and we have a new car wash franchise where you can buy tokens and I may consider doing that. It used to be my Saturday was often full of errands, with stops at the card store, nursery, hardware store, but now you can do all that at the larger grocery stores, plus bank online/pay bills on line. We should have more free time, but all we have now are worries about scams/our data vulnerability.
LikeLiked by 1 person
This was a new one on me, so thanks for the heads up! Everyone told us how great the internet was going to make our lives. And our lives have been improved in many ways, including getting to read interesting blogs. But the geeks sitting around inventing this stuff never seem to understand the ingenuity and industry of the crooks and scammers.
I recently got an email from one of the credit reporting agencies (I have accounts with all three in order to lock or unlock my credit reports.) It invited me to “click here” to read an “important message”. I always log onto the site itself, and never “click here” on emails, and (of course) there was no important message. But the email did such a good job replicating the logo of the actual agency that I was surprised.
LikeLiked by 1 person
Is any means of communication foolproof anymore? Companies resort to “we will NEVER contact you by text” to warn you about text scams. But if they contact you by email instead (your example) it’s no less suspicious. USPS mail, emails, texts, phone calls, even the person who shows up at your front door claiming to be with the company… can’t trust a single approach.
LikeLike
Thanks for the warning, Dave. That mystery-box scam just might snag me since QR codes for this, that, and the other are becoming so common. I also received the email about a USPS delivery. Thankfully that one I did NOT fall for. We have to think twice before every click!
LikeLiked by 2 people