- An expert has revealed how shoppers can protect themselves against QR code phishing schemes while shopping the January sales, as reports of cybercrime rise
- QR code phishing has seen an alarming spike, where crooks cover up codes with fakes and send them out via fraudulent emails and texts to access personal details
- UK’s Action Fraud has revealed there have been over 400 reports of QR code scams this year and 1,200 investigated since 2020
- QRFY warns of made-up emails like those that pretend a parcel needs rescheduling – especially as people wait for their Christmas deliveries to arrive
As QR codes have become more integrated into marketing materials, so have QR phishing schemes.
A ‘quishing’ scam describes when a scammer replaces a valid QR code with a fake version that takes users to a spoofed site, which allows them to steal any information entered.
City Councils such as Newcastle, Cotswold and Worcester have all issued warnings to residents over fraudsters targeting car parks in recent months.
QR code experts QRFY have highlighted five ways to help shoppers stay vigilant amid the ‘quishing’ surge – especially ahead of the January sales, which may prompt further attacks.
Check if the QR code has been tampered with
Scammers have taken advantage of businesses placing vital QR codes in public spaces and been plastering their own versions over the original.
Users are then led to a deceptively real looking site where they may enter personal information or leave themselves vulnerable to malicious malware being installed.
Whether it’s scanning the QR code in the car park before beginning your shopping or using the one at the restaurant to check what’s on the menu, it’s vital that you check the URL it directs you to.
If the QR code looks like it’s been tampered with – perhaps it’s been stuck over with a different sticker or looks blurry while the rest of the menu looks in-focus – then exercise caution.
Inspect the URL for spelling errors
One of the key signs that a QR scam is being executed is that the URL it’s directing you to is incorrect. Although sometimes it may be hard to tell so you’ll need to exercise extra caution.
Before each and every time you go to open the URL, it should be scrutinized to ensure you recognise the web address, and you should look for noticeable spelling errors or switched letters. Otherwise, these codes could lead you to a fake website that could be easily mistaken for your favourite online retailer, with stolen logos and images selling the look on the webpage.
Be wary of QR codes in emails or messages
Following the Christmas period, you may receive an influx of texts and emails that come with countless January sale orders and returns as you try make the most of the cheaper prices.
Scammers try exploit this, crafting fraudulent messages that request payment details for a refund or demand an address update for a missed delivery. With so many to deal with, it can be easy to accidentally fall for any that look quite ‘authentic’.
Poor grammar is an immediate red flag that should arouse suspicion. You should also contact the company using a trusted phone number or email address if you aren’t expecting to receive a QR code – especially if it prompts you to take immediate action.
Use multi-factor authentication
Although it’s easy to get caught up in a scam while unwinding between Christmas and New Year, it’s important to put in place security measures to prevent phishing.
Multi-factor authentication can help prevent hackers accessing your private devices and accounts even if they have managed to steal your passwords.
It requires you to confirm your details via a second route – such as a texted code or back-up email address – which the hackers won’t have access to. Likewise, having a strong password in the first place can make it more difficult for scammers.
Avoid downloading a QR code scanning app
There’s an app for just about everything these days, and given the popularity of using QR codes, it’s no surprise that there is now QR code scanning apps available. However, since iOS and Android devices’ camera apps already automatically scan QR codes, using a specific app isn’t necessary.
If you are set on downloading one, check – and then check again – that it is from a reputable and trustworthy source, otherwise your sales shopping could be cut short.
Speaking on the scam, a spokesperson from QRFY said: “Money is already tight following the holiday period, so the last thing you need is to have a quishing scam steal the last of your savings – especially if it’s a struggle to stretch December’s pay out until the end of January.
“But the Boxing Day and January sales are a breeding ground for scammers, hoping to deceive unsuspecting consumers who are distracted by the excitement of shopping for bargains. Stay vigilant against QR code scams in the same way that you take precaution when it comes to links and attachments, and you’ll be able to protect yourself from losing your hard-earned cash.”
Credit: https://qrfy.com/ – who provided the above advice
Help keep news FREE for our readers
Supporting your local community newspaper/online news outlet is crucial now more than ever. If you believe in independent journalism, then consider making a valuable contribution by making a one-time or monthly donation. We operate in rural areas where providing unbiased news can be challenging. Read More About Supporting The West Wales Chronicle
