At present, QR codes have become an integral part of our daily lives, simplifying tasks from mobile payments to accessing information with a quick scan. However, the convenience they offer has also attracted the attention of cybercriminals, leading to a significant surge in QR code scams, with a staggering 500% increase since the onset of the pandemic. One alarming trend is the targeting of car parks and electric vehicle charging points, where criminals exploit QR codes to harvest sensitive information or spread malware.
The Emergence of QRshing: A Growing Threat
What is QRshing?
QRshing, a fusion of QR code and phishing, has quickly become one of the most common online scams. This technique involves the use of fake QR codes designed to look like the original but redirects users to malicious websites, where their personal or financial information is harvested, or malware is deployed onto their devices.
Targeting Car Parks and Electric Vehicle Charging
How Criminals Operate:
Criminals are now focusing on high-traffic areas like car parks and electric vehicle charging points. They discreetly place fake QR codes over legitimate ones, tricking unsuspecting users into scanning them. Once scanned, these fake codes can lead to the theft of personal details, which may be used for identity theft or other malicious activities like financial theft.
In a recent incident, a criminal placed a counterfeit QR code on an electric vehicle charging point. Users who scanned the code unknowingly provided their credentials, which were later used to gain unauthorised access to their bank accounts. This highlights the severity of the threat posed by QR code scams.
QR Code Scams in Emails: A Sneaky Approach
Phishing Emails with QR Codes:
QR code scams have also found their way into email communications. Cybercriminals pose as reputable companies and send phishing emails containing QR codes, urging users to scan them. Once scanned, these codes can lead to fake websites designed to elicit confidential information.
Spotting a Fake QR Code in Emails:
Legitimate companies rarely request personal information through QR codes in emails. Users should be wary of unexpected emails, especially those urging immediate action. Double-check the sender’s details and website URLs before scanning any QR codes received via email.
How to Know if a QR Code is Legit: Tips to Spot a Fake QR Code
- Check for Tampering: Examine the QR code for any signs of tampering, such as additional stickers or overlays. Legitimate QR codes should be smooth and unaltered.
- Verify the Source: Only scan QR codes from trusted sources. Be cautious with codes in public spaces and double-check for any irregularities.
- Use a QR Code Scanner App: Utilise a reliable QR code scanner app that can detect malicious content. These apps often provide security features to identify potential threats.
- Scrutinise URLs: Before scanning a QR code, check the destination URL. If it appears suspicious or differs from what you expect, refrain from scanning.
Stay Vigilant: Protect Yourself Against QR Code Scams
While QR codes offer convenience, it’s crucial to stay vigilant and adopt a cautious approach:
- Verify the Source: Always ensure you are scanning QR codes from reputable sources.
- Educate Yourself: Stay informed about the latest scams and phishing tactics to recognise potential threats.
- Report Suspicious Activity: If you believe you’ve fallen victim to a QR code scam, report it to Action Fraud or your local law enforcement.
In conclusion, the prevalence of QR code scams demands heightened awareness from smartphone users. By adopting a cautious mindset, staying informed, and following best practices, we can continue to enjoy the benefits of QR codes while mitigating the risks associated with their misuse.
Contact us today if you have any questions or would like to discuss your cybersecurity journey in more detail.