By Matthew Mohan Matthew Mohan-Hickson
Fake QR codes risk scamming you out of money. Pub-goers need to remain vigilant this summer. Experts have detailed the tell-tale signs you could be about to scan a fake code.
Summer is finally here and what a start it has been so far. The latest heatwave is finally easing but we鈥檝e already had plenty of excuses to head to the beer garden or for some alfresco dining.
However, next time you pop down to the pub or to a restaurant, you need to make sure you are on the lookout for a dangerous modern scam. The name quishing might make you chuckle a bit, but it is no laughing matter.
Since the start of the pandemic at the beginning of the decade, we have seen a widespread adoption of QR codes – especially in pubs and restaurants. It has revolutionised the way we order food and drink.
But if you aren鈥檛 careful, scanning the wrong one could really put a damper on the summer. Here鈥檚 all you need to know:
What is quishing and how does it work?
The name might not be one you recognise quite yet, it is not among the most widely known scams. It is a portmanteau of QR and phishing – the later of which is the name for a common tactic used by fraudsters in the 21st century,
Cloudflare warns that quishing 鈥渋s a cybersecurity threat in which attackers use QR codes to redirect victims to malicious websites or prompt them to download harmful content鈥. It adds: 鈥淭he goal of this attack is to steal sensitive information, such as passwords, financial data, or personally identifiable information (PII), and use that information for other purposes, such as identity theft, financial fraud, or ransomware.鈥
How to avoid falling victim to quishing?
Marc Porcar, CEO of QR Code Generator, has shared his top tips for spotting 鈥榝ake鈥 QR codes and what to do if you suspect one isn鈥檛 legitimate. He advises that you should inspect the QR code for signs that a fake has been placed over a pre-existing one.
Another sign to watch out for is peeling edges, weird bumps in the material and anything else that generally looks suspicious. If the corners of the sticker are peeling and it appears there is something underneath, this can be a sure-fire red flag.
If in doubt and if you have suspicions that your table鈥檚 QR code isn鈥檛 legitimate, it is always best to double check with a staff member before ordering.
Check the URL
When you scan a QR code, your phone allows you to preview the website鈥檚 link before you click to visit the site. Use your judgement to assess the website URL and whether it matches up with the establishment鈥檚 actual website.
Some scammers will set up a copycat website using a domain name that looks similar but is slightly different to the real thing. For example, the imposter URL could be 鈥榟ttps://www.pubname.net鈥 when the genuine website is 鈥榟ttps://www.pubname.co.uk鈥.
Also make sure that the website you are visiting on your mobile browser has a padlock symbol next to it, and that the URL begins with 鈥榟ttps://鈥 rather than just 鈥榟ttp://鈥. This ensures that the website is encrypted with a Secure Sockets Layer (SSL) certificate. Some phishing websites now also use SSL protection in an attempt to trick visitors, so this is a risk that should be taken into consideration when visiting the site.
Suspicious website content
If you click through to a website from a QR code and the webpage content looks unusual or things feel out of place, this can be a sign you are not ordering through a legitimate channel.
Some tell-tale signs that you are on a phishing website include spelling mistakes, lack of correct capitalisation, text being misaligned, and logos and graphics appearing pixelated or out of date.
Asking for too much personal information
When paying online, establishments should only require your email address to provide confirmation of your order, your card number, its expiry date and the last three digits on the back of your card (CVV/CVC). If the site is asking for additional information such as your home address, phone number or even your card鈥檚 pin number, this can be a sign that it isn鈥檛 legitimate.
Offers too good to be true
Websites that offer things such as free money or products could be an indication that the QR code is not legitimate. If you scan a code and are confronted with deals that seem too good to be true, they probably are.
Check whether there is a dedicated ordering app
Many chain bars and pubs, such as Greene King and Wetherspoons, have their own dedicated app for ordering food and drink to your table. Where possible go through the establishment鈥檚 official website, which will redirect you to their self-order app from the Apple or Google Play store. If you scan a QR code and it doesn鈥檛 redirect you to the app, you could be dealing with a phishing website.
Marc Porcar, CEO of QR Code Generator, added: 鈥淭he Euros are a fantastic opportunity for people to come together to cheer on their national team. Unfortunately, scammers see these events as an opportunity to take advantage of people, especially those who have been drinking and may be less vigilant than usual.
鈥淚t鈥檚 important that people continue to exercise caution when scanning QR codes, to prevent falling victim to this type of phishing scam.鈥
Have you had a run in with a fake QR code? Share your experience in the comments below or by emailing me: matt.mohan-hickson@nationalworld.com.