Posted: 14th March 2022
As the world becomes more and more contactless, hackers are bringing an old trick up to date with QR code scams.
What are QR codes?
Originating from Japan back in the 1990s, QR codes were developed to meet the needs of industrial and manufacturing trades. Now with the worldwide use of smartphones and pandemic-driven increase in contact-free living, QR codes are all around us, from car parks to crisp packets.
Like a barcode, these apparent squares of squiggles hold high volumes of information. They’re a great way to guide potential customers to your website, app or promotional downloads and now, even replace table service in many cafés, bars and restaurants.
But, as with any advance in technology, cyber criminals have found value in this convenience too, and by zapping a QR code with your phone, hackers can gain access to everything it holds from contacts to payment apps.
QR code scams are nothing new
Not really. In many ways, QR code scams are the ‘improved’ phishing attack.
Just like a phishing email containing fake links, hackers are circulating fake QR codes to guide people to malicious websites. From here, the user can be tricked into providing personal data and payment details, or the click may even infect your device with malware.
A fake QR code can open payment apps, send a text or even make a phone call from your smartphone without your knowledge.
The challenge with a QR code scam is it’s far trickier to spot than a phishing email. There is no text or clear URL to check for typos or adaptations… so what can you look out for?
How to spot a QR code scam
Cyber criminals are creating malicious QR codes and circulating them digitally via email, social media and direct messaging but most recently, a more successful method has been adopted.
Fake QR codes are being found in physical locations such as car parks, airports, on flyers, on restaurant tables and even on fake parking fines. This approach is catching more and more people off guard.
What to look out for:
– If when you scan a QR code you are presented with a link to follow, check the link carefully for tactical spelling mistakes (PayPol for example).
– If a QR code is on a sticker, the chances are the legitimate QR code is hidden beneath.
– If you see a shortened link of random characters when you position the QR code on your camera screen, think twice.
5 ways to avoid a QR code scam
#1. Just as you wouldn’t click on a link in an email from an unknown, don’t scan a QR code in an unsolicited message.
#2. If you receive a bill that requests you to make a payment via a QR code, look for another way to pay. If the bill is legitimate, there should always be other options. For complete peace of mind, source a contact number for the company from their website and call them direct to make payment.
#3. If you are presented with a QR code that has been adhered to a restaurant table or similar, bring it to the attention of a member of staff before you scan.
#4 Similarly, if you find a QR code adhered to a parking payment machine or in any other unmanned setting, act with caution. Look for a service number to call and ask for other payment options.
#5. If you receive a QR code from someone you know, your bank, a payment service you use, or similar, still act with caution. If the sender has fallen victim to a cyber attack, this could be a case of contact spamming.
Learn more about contact spamming and other social engineering techniques.
Team up with us – we’re cyber security specialists
Technology moves at a rapid rate, which is why we maintain a strong focus on keeping businesses up to date, protected and growing.
We offer cyber security-conscious proactive IT support that goes beyond monitoring your systems; we offer free industry-tailored cyber security workshops for all our clients. To find out more, drop us a line.