You may have recently read about the rise of QR Code scams through the use of fake QR Codes on things like parking meters. This article outlines the attacks taking place on our infrastructure and how such scams can be avoided through vigilance and robust security practices.

Quick Response (QR) codes were invented by the Japanese company Denso Wave in 1994 to track automobile parts, offering greater data storage and faster scanning than traditional barcodes. Their versatility led to widespread use in tracking, inventory management, and later, consumer applications like mobile payments and digital menus. However, as their popularity grew, QR codes also became a target for cybercriminals, who use them for phishing, data theft, and malware distribution. This form of cybercrime is known as “quishing,” where scammers use a QR code to carry out a phishing attack aimed at stealing user credentials. As QR code usage continues to rise, particularly for contactless transactions, the need for vigilance and robust security practices is paramount.

What are QR Code Scams?

QR code scams are a form of cybercrime that exploit the convenience and widespread use of QR codes to deceive individuals and organisations into divulging personal and financial information. These scams typically involve replacing legitimate QR codes with counterfeit ones in public locations such as parking meters, restaurants, and package delivery notifications. Scanning these fake codes redirects victims to malicious websites designed to harvest sensitive data or trick them into making fraudulent payments. The prevalence of these scams has increased significantly due to the growing use of QR codes in recent years.

Common Scenarios of QR Code Scams

QR code scams exploit the growing use of QR codes across both physical and digital mediums to deceive victims, leading to unauthorised transactions and identity theft. Key scenarios include:

  • Parking Meter Payments: Scammers place fake QR codes on parking meters, redirecting users to fraudulent payment portals that steal their payment information, often resulting in unauthorised transactions and vehicle towing.
  • Utility and Government Impostors: Scammers pose as utility companies or government agencies, directing victims to fake payment portals via QR codes, leading to financial loss and identity theft.
  • Email and Text Message Scams: Scammers send messages with malicious QR codes, luring victims with fake offers or urgent requests. Scanning these codes can lead to credential theft or malware infections.
  • Unexpected Delivery Packages: Scammers send unsolicited packages with QR codes for returns. Scanning these codes prompts victims to enter personal information, which is then exploited for financial gain.
  • Fake QR Coupons: Scammers create fraudulent QR codes for fake coupons, redirecting users to websites that capture personal and financial information.

QR Code Scam Prevention

As QR code usage continues to grow, both individuals and organisations must remain vigilant and informed about the risks and protective measures associated with QR codes. The rise in QR code scams has led legal and regulatory bodies to issue warnings and recommendations. A key concern is the lack of consumer consent for data collection, which often conflicts with global privacy laws requiring explicit consent when a QR code is scanned. Regulatory bodies urge businesses to comply with these laws by obtaining prior consent and clearly outlining data collection policies.

Organisations should implement robust security measures, such as unified endpoint solutions, to secure devices and ensure QR codes are legitimate. This includes avoiding URLs that differ from official company URLs and using mobile threat defense. 

Awareness and caution can help prevent falling victim to these scams. To stay safe, we recommend individuals follow our handy hints below:

  • Most smartphones have an in-built QR scanner, but if you need to download one, only use trusted app stores, and thoroughly read reviews before installing.
  • Once a QR code is scanned, it should display the URL link before directing you to the desired page. Always inspect the link carefully; if it looks suspicious, close it immediately. The safest approach is to manually type the URL into your browser, especially if you’re unsure about the code’s origin.
  • If the link or content doesn’t match what you expected, close it immediately.
  • Never enter any card or personal information until you’re certain the site is genuine.
  • When scanning QR codes in public spaces, inspect them by feeling for potential stickers that could indicate they’ve been tampered with or replaced.
  • Keep your QR reading software up to date.
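
The URL inspection recommended above, for organisations and individuals alike, can be automated. The following is an added example, not part of the original article: it takes the text decoded from a QR code and lists the reasons it should not be trusted. The domains in OFFICIAL_DOMAINS and the sample payloads are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the organisation's official domains (placeholders, not real sites).
OFFICIAL_DOMAINS = {"pay.example-parking.co.uk", "example-council.gov.uk"}


def check_qr_url(payload, official=OFFICIAL_DOMAINS):
    """Return the reasons a decoded QR payload should not be trusted ([] = passes)."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ["not a parseable URL"]
    reasons = []
    if parts.scheme != "https":
        reasons.append("scheme is not https")
    if "@" in parts.netloc:
        # Text before '@' is userinfo; the real host is what follows it.
        reasons.append("userinfo placed before the host")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a raw IP address")
    except ValueError:
        pass
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        reasons.append("internationalised host (possible look-alike)")
    # Exact match or a true subdomain only; a substring match is not enough.
    if not any(host == d or host.endswith("." + d) for d in official):
        reasons.append("host is not an official domain")
    return reasons


# Constructed sample payloads, as a scanner would decode them from a code.
SAMPLES = [
    "https://pay.example-parking.co.uk/meter/1234",
    "http://pay.example-parking.co.uk/meter/1234",
    "https://pay.example-parking.co.uk.payments.example/meter/1234",
    "https://pay.example-parking.co.uk@203.0.113.7/meter/1234",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_qr_url(url) or "ok")
```

An empty list means the link passed every check; any other result is a reason to close the page and type the official address by hand.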

If you require advice or support on data protection and information governance, or fraud prevention, please do not hesitate to get in touch. Our team is here to help you navigate these complex regulations and ensure your resilience and compliance.

Please contact us on 020 7101 4861 if you think we can help.

Image accreditation: Proxyclick (May 2019) on Unsplash.com. Last accessed on 12th August 2024. Available at: https://unsplash.com/photos/black-pos-machine-EPeK7w5Eeic
