A new kind of digital scam is spreading across the UK, where criminals trick people using fake QR codes. This type of scam is called “quishing,” and it has been growing quickly. In 2023, there were over 1,300 reports of this scam, compared to only 100 cases in 2019, showing just how fast it's increasing.
How These Scams Work
Scammers take advantage of everyday places where QR codes are used for payments or information. This includes locations like parking spots or restaurant tables where you scan codes to pay or view menus. What these scammers do is cover the real QR codes with fake ones that they control.
When someone scans the fake code, it sends them to a fake website. The site may ask them to enter payment details, thinking it's a normal payment page. In some cases, clicking the link may even install harmful software on the person’s phone without them knowing.
Why It’s Hard to Notice
These scams can be hard to detect. Unlike large frauds that take big sums of money at once, these scams often take small amounts over time, making it less likely for someone to notice. The charges might look like monthly fees or parking payments, so they often go unnoticed.
Cyber experts say that what makes this scam dangerous is how real the fake websites appear. The links that come up after scanning look just like real ones, so people don’t think twice before entering their card numbers or other personal information.
What You Can Do to Stay Safe
Here are some simple steps to protect yourself:
1. Only scan QR codes that you trust. If the code looks tampered with or placed unevenly, avoid using it.
2. Never enter sensitive information like card numbers on a website you reached through a QR code unless you’re sure it’s safe.
3. Before submitting any details, double-check the website’s name or URL for spelling errors or anything unusual.
4. Use a reliable security app on your phone that can detect harmful links or files.
QR codes were created to make daily tasks faster and more convenient. But now, scammers are misusing them to steal people’s information and money. As these scams become more common, the best defense is to be alert and avoid scanning any QR code that looks even slightly suspicious.
Quishing, short for "QR code phishing," involves using QR codes to deceive victims. Here's how it works:
Cybercriminals generate seemingly harmless QR codes that lead to fraudulent websites or initiate downloads of malicious software. These malicious QR codes can be distributed via emails, social media, printed materials, or even by placing stickers over legitimate QR codes in public spaces.
When someone scans the malicious QR code, they are directed to a deceptive website. The site may appear legitimate, offering discounts, special deals, or other enticing content. However, victims are unwittingly prompted to provide sensitive information, such as login credentials or financial details. In some cases, malware is downloaded, compromising the victim's device and network.
One notable trend involves the use of crypto ATMs and QR codes. The FBI has reported an increase in scammers instructing victims to use physical crypto ATMs for payment transactions. Fraudsters manipulate victims into making payments and guide them to cryptocurrency ATMs. The given QR code automatically fills in the recipient's address, making the process seem legitimate.
Be Cautious: Only scan QR codes from trusted sources. Avoid scanning random codes in public places. Double-check the URL before providing any information on a website. If something seems too good to be true, it probably is.
Use a QR Code Scanner App: Opt for a reputable QR code scanner app that checks URLs for authenticity. Some apps provide warnings if a code leads to a suspicious site.
Stay Informed: Keep up with security news and trends. Educate yourself and your team about the risks of quishing.
QR codes—those pixelated portals to convenience—can also harbor danger. As you scan, tread cautiously. Verify sources, question context, and guard your trust. Remember, not all codes lead to safety.