Finance

Britons warned to watch out for QR code scams in sales as risk of ‘attacks’ rise


As QR codes have become more integrated into marketing materials, Britons are being warned to “stay vigilant” against QR phishing schemes.

A ‘quishing’ occurs when a fraudster replaces a valid QR code with a fake version that takes users to a spoofed site, which allows them to steal any information entered.

The number of QR scams has soared this year, with more than 400 reported and 1,200 investigated by Action Fraud since 2020. City Councils such as Newcastle, Cotswold and Worcester have all issued warnings to residents over fraudsters targeting car parks in recent months.

To help shoppers stay vigilant, QR code experts QRFY have highlighted five tips to avoid falling victim to the ‘quishing’ surge – especially ahead of the January sales, which may prompt further attacks.

Speaking on the scams, QRFY said: “Money is already tight following the holiday period, so the last thing you need is to have a quishing scam steal the last of your savings – especially if it’s a struggle to stretch December’s payout until the end of January.

“But the Boxing Day and January sales are a breeding ground for scammers, hoping to deceive unsuspecting consumers who are distracted by the excitement of shopping for bargains. Stay vigilant against QR code scams in the same way that you take precaution when it comes to links and attachments, and you’ll be able to protect yourself from losing your hard-earned cash.”

Check if the QR code has been tampered with

Scammers have taken advantage of businesses placing vital QR codes in public spaces, and have been plastering their versions over the original.

Users are directed to a deceptively authentic-looking website where they may enter personal information, leaving themselves vulnerable to malicious malware being installed.

QRFY experts said: “Whether it’s scanning the QR code in the car park before beginning your shopping or using the one at the restaurant to check what’s on the menu, it’s vital that you check the URL it directs you to. If the QR code looks like it’s been tampered with – perhaps it’s been stuck over with a different sticker or looks blurry while the rest of the menu looks in focus – then exercise caution.”

Inspect the URL for spelling errors

One of the key signs of a QR scam is that the URL it’s directed to is incorrect. However, sometimes it may be hard to tell so QRFY experts advise exercising “extra caution”.

They said: “Before every time you go to open the URL, it should be scrutinised to ensure you recognise the web address, and you should look for noticeable spelling errors or switched letters.”

Otherwise, the codes could lead people to a fraudulent website that could be easily mistaken for a certified retailer, with stolen logos and images selling the look on the webpage.

Be wary of QR codes in emails or messages

Following the Christmas period, people may receive an influx of texts and emails that come with countless January sale orders and returns. According to QRFY experts, scammers try to exploit this by crafting fraudulent messages that request payment details for a refund or demand an address update for a missed delivery.

They said: “With so many to deal with, it can be easy to accidentally fall for any that look quite ‘authentic’. Poor grammar is an immediate red flag that should arouse suspicion. You should also contact the company using a trusted phone number or email address if you aren’t expecting to receive a QR code – especially if it prompts you to take immediate action.”

Use multi-factor authentication

While unwinding between Christmas and New Year, it’s crucial to put in place extra measures to avoid falling victim to further prevent phishing attempts.

QRFY experts said: “Multi-factor authentication can help prevent hackers from accessing your private devices and accounts even if they have managed to steal your passwords.

“It requires you to confirm your details via a second route – such as a texted code or back-up email address – which the hackers won’t have access to. Likewise, having a strong password in the first place can make it more difficult for scammers.”

Avoid downloading a QR code scanning app

Given the popularity of using QR codes, it’s no surprise that there are now QR code scanning apps available. However, since iOS and Android devices’ camera apps already automatically scan QR codes, QRFY experts said using a specific app “isn’t necessary”.

They added: “If you are set on downloading one, check – and then check again – that it is from a reputable and trustworthy source, otherwise your sales shopping could be cut short.”



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.