Quishing – beware the dodgy QR Code
Around £3.5 million was lost to QR code scams in 2024, according to a new scam report from the consumer magazine Which?
These scams involve criminals creating a QR code that leads to a website mimicking a genuine service, such as an online shop or a car park payment site.
The most common way that scammers distribute fake QR codes is by printing them out and sticking them on car park payment machines. When someone comes to pay for parking, they unknowingly follow the fake QR code and are taken to a payment website run by a scammer.
Scammers may also email fake QR codes to people. In these cases, the scammer may pretend to be a genuine company or service and will ask them to follow the QR code to verify their account or receive payment.
Which? offers some useful advice for spotting and avoiding QR code scams, including:
- Look for tampering - can you tell that the QR code has been stuck over something? If you’re not sure, enter the website address manually and avoid scanning the code.
- Preview the website address before following it. When you scan a QR code, you should see the address pop up before you’re redirected to it. Check the address to make sure it corresponds with what you were expecting.
- Avoid using a QR code to make a payment if you can.
- Avoid QR code scanning apps, as it can increase the risk of downloading malware or being redirected to a misleading advert. Most mobile devices have QR code readers within the phone’s camera, so use that to scan QR codes instead.
- Avoid scanning QR codes in emails, as these could be used by scammers to disguise phishing links.
If you lose any money to a scam, call your bank immediately using the number on the back of your bank card and report it to Action Fraud on 0300 123 2040