Trigger Fraud Alert #15 (August 2024)

QR Codes as enablers of fraud – “An Alert from Action Fraud”

QR codes or quick response codes work when the user scans them via a digital device, usually a smartphone. They are widely used for quickly directing users to websites, logging into devices or ordering or paying for good and services.

Cyber criminals are increasingly using QR technology to scam victims, by creating their own malicious QR codes designed to trick people into handing over banking and/or personal information.

Analysis by Action Fraud from reports across the UK reveals that most of these scams tend to happen in open spaces, such as car parks or parking meters. A common scam involves malicious QR code stickers being placed on top of legitimate QR codes in car parks. These will then link to genuine looking payment sites that steal personal and financial data. Action Fraud are also seeing an increase in the number of fake emails using QR codes. Between October 2023 and June 2024, they received 199 reports from across the UK relating to this type of criminality.

Advice on how to use QR codes safely

QR codes used in pubs and restaurants are probably safe for you to scan.

Scanning a QR Code in open spaces (stations or car parks) might be riskier.

Check for tampered QR Code stickers and if in doubt do not scan them and use a search engine to find the official website or app for the organisation you need to make payment to.

If you receive an email with a QR code in it and you are asked to scan it, then exercise extreme caution, as Action Fraud are seeing an increase in these types of “quishing attacks.”

When scanning a QR code, use the scanner that comes with your phone, rather than using an app downloaded from an app store. For further information and advice on using QR codes safely visit Get Safe Online.

If you have been a victim and lost money, call 101 and report it to Humberside Police.

Visit fraudwatch.org.uk for more information about fraud and where to get support.

You can also sign up to receive future alerts at alerts.fraudwatch.org.uk.