Smart Scan: Your Guide to Safe QR Code Practices

by Madhu

In a real scam at Thornaby Station, a 71-year-old woman scanned a fake QR code in the car park. Scammers used her personal information to commit identity theft, impersonating her and taking out a loan of £7,500. For more information, read the article by The Independent: "Beware the QR code: How a new scam is costing consumers £10,000 per day".

What are QR codes?

QR codes are machine-readable codes consisting of an array of black and white squares, typically used for storing URLs or other information for reading by the camera on a smartphone.

Where do we use QR codes?

They are used everywhere from a simple cafe to a busy airport, seamlessly connecting users to digital content. In cafes, QR codes often link to menus, allowing customers to browse options without needing a physical copy. At airports, these codes can be found on boarding passes, facilitating quick and efficient check-ins. You name it, and there is a QR code.

How do we scan the QR Code?

To read a QR code, you use a device with a camera and a QR code scanner (often built into smartphones or via third-party apps). The scanner reads the patterns in the QR code, decodes the information, and displays it to the user.

Can anyone generate a QR code?

Yes, anyone can generate a QR code. There are free websites that let you enter text or a URL and instantly download a QR code image.

Because generating a QR code is this simple, a malicious scammer can just as easily generate one: enter their malicious URL, instantly download the QR image, and paste it on top of a legitimate QR code image.

When anyone scans that QR code, it immediately takes them to the malicious URL, which asks for personal details or bank details, or sets up a further scam, such as using your personal details to impersonate you with a bank and take out a personal loan online.

How do we protect ourselves from such QR scams?

1. Verify the source

We must know the source of the QR code. For example, if I am at a restaurant and they offer a code to scan to view the menu or give feedback, I consider it reliable because I trust the source; that counts as verifying the source.

When in a public space, I would hesitate to scan a random flyer, regardless of how important or interesting it may appear, since I cannot verify its source. Instead, I prefer to visit the website directly to review the details, rather than simply scanning the QR code found on a random flyer or something stuck in public areas.

2. Inspect the URL carefully

Examine the URL for any spelling mistakes or unusual domain names. Legitimate business websites usually start with https (a secure connection).

3. Check for tampering

Always look at the QR code sticker to see whether it is misaligned or looks as if it has been placed on top of another sticker. If so, it is better to avoid it, go to the legitimate website, and look for other available options.

What should you do if you believe you have scanned a harmful QR code?

1. Disconnect from the internet:

The most effective way to stop a data transfer is to disconnect from the internet. This does not remove the malware, but it prevents further spread to other devices connected to the same network.

2. Keep a tab on your critical accounts:

Keep a tab on all your bank accounts, critical email IDs, and social media platforms to see whether there is any strange activity on the accounts. I suggest resetting the passwords. For help on how to set a strong password, please read the blog post "Discover How Knowing Just the Number of Characters Could Put Your Accounts at Risk!" on CyberSecForAll.

3. Report the scam:

It is essential to inform the vendor that their QR code has been spoofed. Additionally, it would be important to report the scam to the relevant government agencies that provide assistance.

Disclaimer: The information provided in this blog is intended solely for educational and informational purposes. It should not be construed as professional advice. The author makes no representations as to the accuracy or completeness of any information and will not be held liable for any actions taken based on the content of this blog. Readers are encouraged to do their own research and consult with appropriate professionals where necessary.


Welcome! I’m Madhu, an IT professional with 12+ years of experience in information security. I help organizations build robust cybersecurity strategies to protect digital assets and strengthen third-party trust.

 

Join me as I explore cybersecurity trends, risk management, regulations, and practical security insights. Whether you’re an IT pro, business leader, or just curious, there’s something here for you!
