QR Code Scams, also known as QR Code Jacking, QR Code Spoofing, and ‘quishing,’ have been discovered in several cities across the United Kingdom throughout this year. While the impact of this latest technology-based crime has not become widespread yet, it’s important to remain aware of the threat that this scam poses to not only your financial data, but your devices and account information as well.
But What is QR Code Jacking?
QR Codes have become essential features at Parking Kiosks, Restaurant Tables, E-Scooters, and on products like travel tickets and food packaging. QR Code Jacking is when a third-party places similar or identical stickers over the original ones on these locations. In many cases, these stickers lead to websites that imitate the website or payment platforms used by the originals, but your payment and any information you provide will be sent to the imposter.
Once you’ve scanned that code, you become vulnerable to several venues of cyberattacks. QR Code spoofing has been used for all of the following:
Phishing: Redirecting users to fake login pages to steal their credentials.
Malware Distribution: Prompting users to download and install malware onto their devices.
Identity Theft: Gathering personal information from users who scan the QR code.
Financial Fraud: Leading users to fake payment or banking pages to steal financial information.
Safe Measures to Take Against QR Phishing
Some of the best ways to prevent yourself from falling for QR Code Scams is just being aware of your surroundings, and alternative choices to using QR codes. These include:
Using Trusted Sources: Only scan QR codes from trusted sources. Avoid scanning QR codes from random stickers, posters, or unsolicited emails, messages, or websites.
Inspecting the QR Code: Examine the QR code closely before scanning it. Ensure it appears genuine and hasn’t been tampered with or placed over another legitimate code.
Enabling URL Preview: Use a QR code scanner app that provides a URL preview before opening the link. This allows you to see where the QR code will take you before proceeding.
Avoiding Shortened Link Paths: If you don’t recognize the website the QR code is taking you to, it’s best to find an alternative method of getting to the website you’re going to.
Making Prior Payment Arrangements: Particularly for restaurants or parking, ordering your meal or parking ticket ahead of getting to your destination can save you from the risk of scanning a fake code.
How to Handle a Discovered QR Code Scam
Always report suspicious activity! If you come across a QR code that appears to be malicious or part of a scam, report it to the appropriate authorities or the platform where you found it. If you engaged with one of these QR Code scams, make sure you reset your passwords, enable Multi-Factor Authentication, and regularly check your accounts. Periodically review your financial and online accounts for any suspicious activity.
If you supplied the QR code link with any sensitive financial information, please let your financial institution know that you may have been a victim of fraud, and follow any advice they have on how to secure the information you provided.