The sun is shining, and someone thought it was a good idea to head to the beach… the problem is, so did everyone else, including the scammers.
So, after a painstaking journey and an hour stuck on the motorway with the kids fighting in the back, you finally arrive and manage to nick the last parking space in the car park.
You get the kids out of the car and the cool box out of the boot, along with the umbrella and fold-up chairs, and make your way to the beach. You’re hot, flustered and wishing you hadn’t bothered, and you’ve still got to pay for parking. Ah, you don’t have the right app? Out of cash? The kids are still fighting… Fortunately, there’s a QR code right there – easy. So you get your phone out, enter your details and run off to dip your toes in the sea.
It’s that kind of stress that scammers are hoping to take advantage of this summer. You see, not all QR codes are what they seem, and the warning signs are often right in front of us in black and white, often in the form of stickers that have been placed over a genuine QR code.
Fake QR codes publicly displayed
Once a convenient tool for consumers, QR codes have now become a new battleground for scammers. These seemingly innocent digital squares can lead unsuspecting users to fraudulent websites designed to steal personal information or money.
Recently, consumers in North Wales were warned over fake QR codes that had been stuck on meters in car parks in Llandudno and Colwyn Bay in an attempt to trick tourists and locals. There have also been cases in Dorset and Somerset.
Once our friends during the Covid-19 pandemic, QR codes should be met with a degree of caution.
The problem is that they are everywhere, from car parks to pub and restaurant tables to museums and galleries. And while QR codes are used by legitimate organisations to access their websites to make payments, scammers have created a way to jump on these and create bogus codes. This can be a real problem.
Last year, a woman was scammed out of £13,000 at a railway station car park in Thornaby. The scammers are reported to have covered a genuine QR code with one of their own that sent the woman to a cloned website. From there, they redirected her payments, took out a loan in her name, and stole her card information.
Publicly displayed codes, often found in retail outlets, could be altered by scammers to redirect users to malicious sites. While QR code-related scams aren’t as prevalent as other cybercrimes, they do occur, particularly in public spaces. These scams often involve social engineering tactics, where criminals manipulate victims into providing personal information.
To protect yourself, be cautious when scanning QR codes, especially those found in public areas or received via email.
Recently, QR codes have been exploited in phishing attacks, known as ‘quishing’. This method allows scammers to bypass email filters and lure users to harmful websites. To protect yourself, be cautious when scanning QR codes, especially those found in public areas or received via email. Using your phone’s built-in QR scanner instead of a downloaded app can also enhance security.
Ultimately, while QR codes offer convenience, it’s essential to approach them with a critical eye, especially when used in unfamiliar settings or received from unknown sources. As summer travel and outdoor activities increase, so do opportunities for scammers to deploy these deceptive codes in popular tourist spots, so make sure you keep an eye out for anything that looks suspicious.
What do I need to know?
- Before you scan a QR code, check it hasn’t been tampered with or had a sticker placed over it.
- Be sceptical if the app or website that you’ve been directed to is requesting personal details. Make sure it’s authentic. If unsure, then don’t engage.
- If you’re in any doubt, avoid scanning the QR code and find an alternative payment method
- You can install anti-virus software onto your phone to verify if the QR code is safe to click on. This will prevent you downloading a virus or malware onto your device and allowing scammers to gain access to your personal data. This best free and paid-for mobile antivirus apps guide from consumer champion Which? is a good starting point.
- Be suspicious. Check the preview of the QR code link. When you first scan the code, a preview of the URL should appear, so make sure the website address is legitimate. It should start with “https://”. If you’re still unsure whether the code is real, then try searching for it in your browser instead.
- If you think you’ve been scammed, then contact your bank immediately by securely dialling 159 and reporting your case to Action Fraud.
You can also read this blog at Your Money.
