An online expert warns of a rising wave of QR code scams and offers essential advice on how to stay safe

• Scammers are increasingly targeting areas like parking payments, social media messages, phishing emails, and fake QR code scanner apps

• To protect yourself, watch for spelling and grammar errors, be cautious when downloading new apps, and avoid making payments via QR codes whenever possible

QR codes have become a valuable tool for businesses because they are easy to create and set up, eliminating the need for physical media or manually sharing URLs. However, there has been a surge in scammers exploiting QR codes to deceive victims into visiting malicious websites or downloading malware onto their devices.

Kushal Tantry, CEO of QR Code Developer, has highlighted six emerging QR code scams and provides key indicators to help you identify and avoid them.

Parking information and payment scams

One of the most common QR code scams in the UK and US right now involves scammers placing fake QR codes onto parking meters or information signs. This leads victims to a website that looks official but is designed to steal users’ credit card information. People are usually in a rush to pay and may attempt contactless payment without looking for warning signs.

Avoid paying through QR codes whenever possible, especially in public places. If the fake code is covering up a real QR code in that location, check if the URL is secure and what you would expect to see. Any spelling or grammar errors on the actual site can also determine if it might have been created by scammers.

Posters and information board scams

Other fake QR codes in public places may be found on posters or information boards, especially in town or city centers during the summer season when many events are taking place. These scams tend to target unsuspecting tourists or locals looking for further details from an advertisement, which can lead them to a fake website or malicious download.

Check if the QR code is a sticker that might be covering up and replacing an existing code underneath. It may have been placed in a strange way compared to the rest of the advertisement, showing the code could have been stuck on afterwards. Look out for other obvious signs that you are on a phishing website and not the legitimate site, such as spelling mistakes or incorrect branding.

Social media message scams

QR code scams can be found on many social media sites such as Snapchat or Facebook. Hackers may take over one of your family’s or friends’ accounts and send messages containing QR codes, trying to convince you to scan them. Treat any such unusual requests with caution, especially if they are out of the ordinary.

These messages are likely to be worded differently from how the person normally replies or could come from someone you have not spoken to in a long time. If you think someone might have been hacked, be sure to message or call them on their mobile number to verify if these messages are legitimate.

Phishing email scams

Scammers often include fake QR codes in phishing emails that they send to potential victims. This is because people often fail to recognize that scanning these codes can be just as risky as clicking on links contained within unsolicited emails. Examples of this scam include phoney emails from a well-known retailer containing a QR code pertaining to a failed transaction.

Avoid interacting any further with the email or sender if emails mention failed orders, purchases, or unknown accounts. Make sure to check the email addresses for spelling mistakes or errors and contact the company directly through their website if unsure.

Physical mail and package scams

Any advice around unsolicited emails can be applied to anything you might receive in the mail, such as letters or packages. Scammers can use bogus letters to trick you into scanning a QR code through surveys, competitions, or tracking a supposed order. It is unlikely that many legitimate companies would send you a QR code to use in this way.

Any mail used for scams may use urgent or threatening language to get you to act quickly or incentivize you to scan by offering made-up rewards. If the mail appears to come from a company you recognize, be sure to check their website first on your official account or ring their helpline.

QR code scanner app scams

Scanning QR codes is doable via your smart device camera, but some scammers may also try to fool you into downloading a harmful scanner app. This then allows malware to be installed on your device that can steal data and personal details. Be careful when downloading any scanner apps that have strange reviews or have received a lot of ratings in a short space of time.

You can recognize these sorts of malicious apps if they immediately ask you to download a sizeable update after being installed, which is likely to be the malware. Use the official online stores when searching for new apps and check to see if they request permissions that seem extensive for what is needed, such as controlling your screen.