top of page

Membership is FREE so join today to receive your welcome pack and access to all of our cyber security advice and resources.

Want to improve your cyber resilience?

Look Before You Scan – The Rising Threat of QR Code Scams

Parking Payment Machine - Common Place for QR Code Scams to take place

In today’s fast-paced digital world, convenience often comes at a cost. As QR codes become ubiquitous, their ease of use is also being exploited by scammers. Here's a closer look at the growing threat of QR code scams and how you can protect yourself.

A Common Scenario

Imagine this: You're heading to a meeting in an unfamiliar part of town, running late, and it's raining. You finally find an empty parking bay, only to realise that the parking meter doesn’t accept coins anymore. Instead, it requires a payment app that you haven’t downloaded yet. As the rain pours down and your frustration mounts, you spot a QR code on the meter. Scanning it seems like the quickest solution, but this could be a trap.

The Rise of QR Code Scams

QR codes are designed to simplify tasks, but they also offer scammers an easy way to direct unsuspecting users to malicious websites. A recent example shared by digital identity expert David Birch illustrates this risk. His sister fell victim to a QR code scam in a public car park. She scanned a fraudulent QR code, entered her debit card details into a fake website, and narrowly avoided financial loss by quickly alerting her bank.

The Ubiquity of QR Codes

QR codes have become essential in various aspects of our lives, from boarding planes and trains to accessing restaurant menus. The push for contactless interactions during the COVID-19 pandemic has only accelerated their adoption. However, this widespread use has also expanded the "attack surface" for cybercriminals, making QR codes a favourite tool in phishing campaigns.

How Scammers Exploit QR Codes

Scammers can easily create QR codes using free online services, embedding malicious URLs that lead to phishing websites. These codes can be pasted over legitimate ones or included in emails and text messages. The US Federal Trade Commission has issued alerts about such scams, highlighting how criminals use QR codes to trick victims into revealing personal information or installing malware.

Tips to Protect Yourself

  1. Preview URLs: Many smartphones allow you to preview the URL before scanning a QR code. Use this feature to check where the code will take you.

  2. Think Before You Scan: Avoid scanning QR codes from emails, text messages, or suspicious sources.

  3. Be Wary of Shortened URLs: Shortened URLs can conceal the actual address, making it harder to verify their legitimacy.

  4. Never Share Sensitive Information: Do not enter bank details or personal information via links accessed through QR codes.

  5. Stay Informed: Educate yourself about the latest scams and follow cybersecurity advice from reputable sources.

By staying vigilant and adopting a healthy skepticism towards QR codes, you can protect yourself from falling victim to these increasingly common scams. Remember, convenience should never compromise your security.

Stay safe and secure, The SWCRC Team


bottom of page