A package of chewing gum.

Fifty-one years ago this week, a 10-pack of Wrigley’s Juicy Fruit Gum, sold at a Marsh Supermarket grocery store in Troy, Ohio, was the first retail item scanned with packaging that featured the black and white stripes of what we now know as a Universal Product Code (UPC).

It’s from that little bit of history, you might say, that we’ve come to celebrate National Barcode Day. With it, of course, we’ve gained the convenience of scanning our own items, but it’s also provided cybercriminals and people engaged in what is known as Organized Retail Theft (ORT) with an unprecedented opportunity to disguise all kinds of mayhem and malware in barcodes and, more recently, QR codes.

Broadly defined, there are five types of retail-related crimes that are trending that include:

• Using stolen or cloned credit cards to obtain merchandise
• Changing bar codes to pay lower prices
• Returning stolen merchandise to obtain cash, gift cards, and/or store credit
• Reselling merchandise using:
  • Online auction sites
  • Flea markets
  • Retailers
  • Pawn shops
  • E-commerce marketplaces
• Gift card theft/altering gift cards to steal the funds added to the cards when they are later purchased by legitimate shoppers

At the same time, barcode theft occurs primarily in two ways:

• Barcode swapping, also known as “price switching” refers to a method of retail theft where a customer attaches a barcode from a cheaper item to a more expensive one; it’s a crime that has been occurring more frequently at self-checkout kiosks, where employees may not be closely monitoring each transaction.
• QR code theft, also known as quishing, in a retail setting is not done through a physical theft of the code itself, but by using them to redirect shoppers to fraudulent websites designed to steal their personal information or financial data.

Criminals will create fake QR codes that appear to be legitimate, and they place them on packaging, in-store displays, or even on top of existing QR codes. Some of the situations are simpler, such as placing a fake menu on a restaurant table or a fraudulent payment link at a parking meter.

As with a lot of online fraud, there are steps you can take to avoid being scammed, including:

• Being cautious and making sure that you don’t scan codes you weren’t expecting or that look out of place.
• Looking for signs of tampering, such as stickers, overlays, or misspellings in the URL the code leads to.

It’s a good idea, too, to verify the website address carefully after scanning it, making sure it is the legitimate site you’re expecting to visit. And instead of scanning QR codes to download apps, use the app store for your device.

As always, if you encounter a fraudulent QR code, or you’re at a retail store and you believe that the UPC code is not the correct one for that product, be sure to bring it to the attention of the business owner or the authorities to help prevent others from falling victim to the scam.

There’s a lot of trusted sources out there, with additional information to help you stay safe when it comes to checking a price or downloading a QR code for that “free trial” that was featured last week during a broadcast of the NBA Finals. (Spoiler alert: it was an offer to try out YouTube TV and it was legit).

There’s a popular phrase I’ve heard some people say – before heading out to their favorite store – that “you don’t know what you need, until you look” (or, in this case, shop). And while that may be true or, at the very least, should be considered good advice, you’ll want to make sure your experience with QR codes and barcodes is a memorable one, whether you’re buying a cool new stereo speaker or a pack of gum. Here’s hoping you can scan fearlessly!