Don’t be fooled by scam QR codes
QR code fraud is on the rise in the UK, a recent study found a staggering 587 per cent increase in QR code phishing attempts in last August and September alone.
These scams, often referred to as "quishing," have resulted in thousands of attacks each month. With 86.66 per cent of smartphone users having scanned a QR code at least once, and 36.40 per cent doing so weekly, the potential for more people to fall foul of these frauds is huge.
QR codes have been around for more than 30 years but people in the UK only really started using them during the pandemic for everything from getting advice and ordering food and drinks in pubs to displaying their Covid status.
They are most commonly used now as a quick and easy way to direct people to websites on posters and adverts. By using a phone camera to read the code it is a simple way to get to a web link without tapping it into a keyboard.
But they also present an opportunity to fraudsters, there have been reports of fake QR codes being stuck on to posters in car parks and railway stations.
Most QR code scams tend to be in public areas, like stations and car parks, and can be complex, as in the railway station scam where criminals posing as bank staff called the victim to further the scam.
QR codes are also increasingly being used in phishing emails and have more chance of succeeding for several reasons. Most people are wary of suspicious links in emails and are rightly cautious of clicking on shortened links. QR codes help disguise the malicious links in phishing emails.
Not all security tools that detect phishing emails scan images, so a QR code leading to a malicious site might bypass these defences. Users are also more likely to use their phones to scan QR codes. Personal devices may not have the same security protections as a work computer.
QR codes in pubs or restaurants are generally safe to scan but be more cautious with QR codes in public spaces. As with many cyber-attacks, be wary if you're asked to provide too much information, whether on a website or in follow-up communications, such as a phone call.
If you receive an email with a QR code, be extra cautious. If you are about to use a QR code in a public space, check the QR code hasn’t been stuck over another one. Think about what you’re being asked for, and if it doesn’t feel right, contact the company.
Use the built-in scanner that is part of your phone’s camera, third party scanning apps can charge for extra services and plague you with ads.
If the QR code was part of an email it can be forwarded here.
If you believe you are the victim of any fraud call Action Fraud on 0300 123 2040.