QR codes have become a popular tool used by businesses and individuals alike for activities such as redeeming coupons or sharing contact information.
However, due to their nature, these codes are also capable of being faked by malicious agents seeking to take advantage of unsuspecting users.
To avoid becoming a victim, it’s important to know how to spot a fake QR code so that you can identify any that may come your way in order to protect your data from cyber criminals.
In this blog post, we'll discuss what you need to look out for when verifying if a QR code is legitimate before using it.
In simple terms, fake QR codes are being used in a scam that fraudsters use to trick people into visiting malicious websites or downloading malware and harmful software.
These QR codes might look similar to legitimate QR codes, however they actually direct you to a fraudulent website or download.
QR code scams work by tricking users into scanning the malicious QR code with their device’s camera.
Once scanned, the code will direct the user to a website that is designed to look legitimate but is controlled by cybercriminals.
The website may contain malware or other malicious software that can steal your personal details such as credit card information or any sensitive information from the device.
The number of QR code scams in the United Kingdom is expected to rise significantly in 2023.
According to a report by the National Fraud Intelligence Bureau, there were over 3,000 reported cases of QR code scams in the UK in 2020.
This figure is expected to reach around 10,000 cases by the end of 2023 as criminals become more sophisticated in their methods and technology advances.
In fact, it's projected that by 2023, the number of victims falling for the QR code scam will increase by over 16%.
Due to COVID-19, the UK’s hospitality sector introduced QR codes and self-ordering technology across restaurants nationally to minimise customer contact.
Although these measures have been in place for a few years now, a staggering 53% of UK consumers are struggling to identify malicious QR codes, as per ChronicleLive.
There are many QR code scams to watch out for. Some recent examples of QR scams in the UK includes:
One of the most common QR code scams in the UK recently is parking payment scams.
Various car parking lots on the Isle of Wight, UK have been identified as using QR code payment scams for parking payment machines.
According to the Isle of Wight Council, several individuals have encountered a problem when contacting the designated when scanning a fake QR code and sticker displayed on the parking machines.
This code prompted users to input their credit card information before money was taken out of their account.
Recently, the popular method of paying for car parks and on-street parking has become even more prevalent.
As we move away from traditional coin machines, QR codes have become increasingly common.
However, this increased usage has also exposed people to QR code scammers, resulting in a recent surge of QR tricks at UK car parks, as reported by ChronicleLive.
Malicious QR code ticket scams have also been on the rise in the UK recently and is one of the most common QR code scams to exist currently.
Scammers use fake tickets to gain access to events such as concerts, sports matches, and festivals.
They do this by using sophisticated technology to generate counterfeit tickets with a QR code link that appears identical to legitimate tickets.
These fake tickets are then sold online or through social media platforms, often at significantly discounted prices.
Phishing QR code scams are increasing significantly across all industries in the UK.
This deceptive method is also known as Quishing or QR phishing. Cyber criminals masquerade as trustworthy companies to send phishing emails embedded with fake QR codes.
An example of information within these emails could be a claim that your online banking payment did not process therefore, prompting you to resubmit your credit card details by scanning the QR code.
Unfortunately, unsuspecting victims fall into the trap and, unknowingly providing their financial information with login details onto the phishing website.
Consequently, the cybercriminal will then gain access to these credit card details.
If you receive any HMRC related phishing QR codes that look like legitimate ones, simply forward the suspicious emails with QR codes to phishing@hmrc.gov.uk and then promptly delete them.
Fake coupon QR codes are another way scammers are using fake QR codes in order to steal money from unsuspecting victims in the UK.
The scammer will create fake coupon QR codes claiming to give a discount or special offer, instructing to be scanned using a smartphone camera to then be applied at a checkout, when making an online purchase from an authentic online retailer.
Once scanned, the code redirects customers to a fraudulent website where their credit card information can be stolen by the scammer.
You may have seen this on social media platforms such as, Facebook with an Argos sale that direct users to a phishing websites.
Text message QR scams involving fake QR codes have become increasingly common in recent years also.
Scammers send text messages containing malicious links or QR codes to lead users directly to malware-laden websites or downloads without them knowing it.
Individuals in Newcastle, UK received a fake site link offering an opportunity to "win" the new iPhone 14.
If the link was clicked or QR code was scanned the user would be directed to a phishing website that asks for payment information.
To help fight phishing scams, you should send any suspicious text messages to 60599 (network charges apply) or email phishing@hmrc.gov.uk then delete them.
Fake QR codes have also been used in charity scams in the UK. In these scams, victims receive an email with a QR code leading them to a website to donate money towards what appears to be a legitimate charity organisation.
However, this is another way for scammers to collect money from unsuspecting donors.
Poor Quality: Poorly designed QR code can be difficult to scan and may not even work at all. Additionally, a fake QR code may contain typos or other errors that make it difficult to read.
Unfamiliar Domain Name: Most legitimate businesses will use their own domain name on the real QR codes, so if the URL associated with the code looks unfamiliar or suspicious to you, it’s best to avoid scanning it.
Suspicious Content: If you scan a QR code and are presented with content that seems suspicious or out of place, this could be another warning sign of a QR code. For example, if you scan a restaurant’s QR code and are taken to an online casino site instead, this could be an indication of a fraudulent QR code.
Asking for Personal Information: Legitimate businesses will never ask for personal information such as your credit card information, payment information, financial information, login information or any kind of sensitive information via a QR code scan.
Offers Too Good to Be True: If you come across a website offering something that seems too good to be true after you scan QR codes (such as free money or products), this could also be an indication that the QR code is not legitimate.
Any fake QR codes can lead to a range of cybersecurity risks. Some of the major risks include:
Fake QR code scams have a significant impact on consumers who are unaware that they have been targeted by cyber criminals.
In addition to financial losses, victims may also suffer from emotional distress and psychological trauma as a result of having their personal information stolen or compromised. Identity theft can take months or even years to resolve.
Here are the 9 best tips to spot fake QR codes:
When you come across QR codes, it’s important to take a moment to check the source of the code as not all QR codes are safe to scan.
Make sure it is coming from a reputable source. If you don’t recognise the company or sites associated with the QR codes, it may be best to avoid scanning it altogether.
Additionally, if you see any misspellings or typos on the webpage where the code is located, this could be an indication that it’s not legitimate.
If you do decide to scan QR codes, make sure to look for secure URLs that start with “https://” rather than just “http://”.
Secure websites are more likely to protect your personal information and keep your data safe from hackers.
Additionally, most secure websites will also have a lock icon in the address bar of your browser when you visit them.
When scanning QR codes, never provide any sensitive information such as your credit card details or bank account details unless you are absolutely certain that the website is secure and legitimate.
It's also important to remember that no legitimate company will ever ask for personal information via any QR codes scan.
If scanning QR codes lead you to an unfamiliar app download page, it's best to avoid downloading it altogether, as these apps could have malicious software designed to steal your personal information or damage your device.
It's also important to make sure that all your devices have up-to-date antivirus software installed on them to protect yourself from viruses and malware when you scan QR codes or visit unfamiliar websites.
Be aware of any offers or deals that seem too good to be true when scanning a QR code as this could be a sign of scams or phishing attempts designed to steal your personal information or money.
If prompted by a website to share any personal data such as contact details or payment information after scanning a QR code, use caution, as this could be used by criminals for identity theft purposes later down the line.
Before downloading anything after scanning a QR code, always read reviews from other users who have tried out the product being offered in order get an idea of how reliable and trustworthy it is before taking any further action.
Be wary of clicking on links sent via email from unknown sources after scanning a QR codes, as these could lead directly into malicious websites designed by cybercriminals specifically for stealing private data.
If you've already scanned the code, disconnect from the Wi-Fi and turn off your phone's Bluetooth to prevent further harm.
Ensure you have an up-to-date antivirus software installed on your device and run a thorough scan.
If you've already given out sensitive information, such as financial or login credentials, contact your bank and service provider to let them know of the incident.
You can also:
The UK government is taking several steps to tackle the increase in QR code scams over the last few years.
This includes introducing new laws which makes it illegal for companies to use misleading or deceptive practices when dealing with customers and their data.
They have launched a public awareness campaign about the dangers posed by fake QR codes and are investing millions into research of new technologies that can help detect fraudulent codes quickly and efficiently.
When you are wanting to scan a QR code, one of the safest ways is to scan it through any one of the below apps:
Is it possible to make a fake QR Code?
Yes, it is indeed possible to create a fake QR Codes, which can carry misleading information or lead the user to a malicious website. Some free tools are Adobe Express app, QR code Monkey, mention QR code generator, QR code generator, Canva etc.
How can I check if a QR Code is valid?
One way is to use a QR Code scanner app that can detect if the code is valid or not. Another way is to examine the design of the code itself; genuine codes should have equal-sized squares and a clear pattern, whereas fake codes may appear distorted or contain elements that should not be there.
What happens if I scan someone's QR Code?
Usually, you will be taken to a webpage, or a product page related to the QR code. However, it's important to be cautious when scanning QR codes, as there have been cases of fraudulent QR codes.
What can hackers get access to if you scan a fake QR code?
Hackers can gain access to personal information, including name, address, and even credit card information details.
What should I do in the case of QR code scam?
The first step to take if you suspect you've been scammed through a QR code is to contact your financial institution and file a report.
Can a QR code get you hacked?
The short answer is yes, but the risk is relatively low if certain precautions are taken such as checking the URL, looking for signs of tampering and using a QR code scanner app.