As many people enjoy the flexibility of online shopping, or making financial transactions, the number of online fraud cases have increased. In recent months, we’ve seen a new threat emerge in the form of QR Code Fraud.

QR codes are used to deceive people into making unauthorised bank account transfers, exposing their personally identifiable information (PII), or disclosing their login credentials. When QR Codes are scanned, a message is displayed informing you of the amount of money that has been deducted. The use of QR codes is increasing. The amount of fraud associated with internet transactions has increased as more consumers shift to them.

How does the scam work?

Scammers can send an email, text message, distribute a brochure with a QR code. Once the person scans the QR code from their phone they are redirected to a site to fill in their personal information or enter their login credentials. In other instances, the malicious QR Codes cause users to open a Payment app or follow a malicious social media account without the user’s knowledge. Once the details are entered, they are captured by scammers who then go on to steal your information

How to avoid the scam:

  • If someone sends you a QR code, double-check it before scanning it. If you receive a text message from a friend or a message on social media from a co-worker, contact that person first to ensure they haven’t been hacked before scanning the QR code.
  • Do not click on links sent to you by strangers. Even if they promise you amazing presents or investment opportunities, don’t scan the QR code if you receive an unwanted message from a stranger.
  • Check the source. It’s a good idea to double-check a QR code that appears to come from a credible source. If the correspondence looks to be from a government agency, confirm by calling or visiting their official website.
  • Short links should be avoided. When you scan a QR code and see a URL-shortened link, recognise that you have no idea where the code is taking you. It’s possible that it’s hiding a malicious URL.
  • Always do a physical check on the advert, or material where the QR Code is to check if the code has not been inserted over the original image.
  • Install a security-enhanced QR scanner. Some antivirus vendors have QR scanner apps that assess a scanned link’s safety before opening it. They are capable of detecting phishing scams, forced programme downloads, and other potentially harmful links.

A few simple things must be kept in mind. It’s important to note that scanning a QR code is only used to make payments, not to receive.

Please be aware that accepting a collect request of this nature or scanning a QR code for payment will always result in money being deducted from your account. So, under no circumstances should you do it while getting money.