Fake QR codes: beware of scams!

Nowadays, cybersecurity experts are on the lookout for fake QR codes, which are multiplying. Cybercriminals and scammers use QR codes to trap countless victims in phishing activities. They can even know your bank details with just a couple clicks. A piece of advice: be careful! And beware of scams.

When have fake QR codes started multiplying?

The QR code, or ‘Quick Response’ code first appeared in Japan in 1994. This technology enables a smartphone user to go on an internet page or an app with a simple scan using their phone’s camera.

Their usage increased considerably during the Covid-19 pandemic, making the QR code omnipresent in our everyday life: in restaurants, public transports and even in our sanitary pass. Ever since the QR code has become trendy, it’s also become the newest target of cybercriminals. The fact that it’s so easy to use also makes their job easier. What used to be a harmless technology could, in the next few years, turn out to be destructive.

Fake QR codes: the technic used by cybercriminals

The method used by scammers isn’t complex at all. Indeed, a simple sticker or a deceiving flyer would be enough to scam thousands of people. When the victim scans the fake code, they are taken to a website entirely similar to the one they wanted to access. Very often, the fake link invites the victim to download a hacked app.

It seems difficult to detect the fake QR code, unless you pay attention to the details (an overlaying sticker, a fake web address, etc.) Len Noe adds that ‘these stratagems are formidable, because the cyber-attack comes from the camera and therefore bypasses the antivirus software and security filters.’

Because of this, the victims unknowingly give their personal data (notably their bank details) to ill-intentioned people, just like in a traditional phishing campaign via email.

How to protect yourself from fake QR codes?

Many people are being scammed by fake QR codes and don’t know how to protect themselves from them. Here are some advices given by experts that can help you against cyber-attacks:

• Think twice before you scan the QR code and beware of codes in public spaces. Observe whether it’s an added sticker or integrated in the sign/poster. Also, if the code seems to not fit in the setting, ask for a printed copy of the document, or manually type in the URL.
• When you’re scanning a code, look at the website it sends you to. Does it look like what you were expecting, or is it completely different? If it asks you for login details or bank details that seem unnecessary, do not give them.
• Preview the code’s URL by scanning the QR code with your phone’s camera. Numerous smartphones and iPhones give a preview of the URL when you start scanning.
• You can also use a secured analysis app, which is built to detect malicious links before your phone opens them. But there again, you must be careful, because there also are fake apps that steal your data. Only trust known brands.
• Finally, use a password manager. It won’t automatically fill in your details when you’re on a malevolent website.

Fake QR codes: are there any victims in France?

As of now, we don’t have the official number of victims in France. However, the French government is already warning everyone. Cases have also been found in Asia, Germany, and in the USA.

On the other side of the Atlantic, in the city of Austin, car drivers have been victims of phishing via QR codes plastered on parking meters. Instead of being taken to the website or app authorised by the city, they ended up on a fake website which collected the details of their credit card. Still in Texas, a similar scam was found in the town of San Antonio.

In short, QR codes are just another mean for cybercriminals to obtain what they want and another threat that you need to be aware of.