It’s a truism of sorts that ‘What happens over there, will at some point happen over here too.’ That is, events, culture, fashions and so on that originated in the US will at some point make it to the shores of the UK and to some extent wider Europe too.

In the US scammers are now targeting QR codes by tampering with the pixelated barcodes and redirecting victims to sites that steal logins and financial information. And this scam could well start appearing over here.
  • Businesses use QR codes legitimately to provide convenient contactless access. They have used them much more frequently during the Covid-19 pandemic.
  • Cybercriminals are taking advantage of this by directing QR code scans to malicious sites to either steal a victim’s data, or to embed malware that provides access to the victim's device, or redirect payments to the cyber miscreants.
  • QR codes were used late last year in phishing emails to steal Microsoft 365 credentials. The QR codes were useful to attackers because the barcode images bypassed email filters that use URL scanners to block malicious links.
However, fraudulent QR code stickers have been discovered on parking meters in major Texas cities. These aimed to trick people into paying for parking to a fraudulent website. The scam sought to take advantage of parking meter terminals that have signs with QR codes by redirecting users to a so-called third-party parking payment app.

The QR codes directed unsuspecting users to a fraudulent website which would asked for payment details with the promise that their parking session would be paid for. Of course, this never happens.

A fading star burns bright again

The use of QR codes was waning prior to the pandemic. But it can be argued with some conviction that the onset of Covid-19 injected new life into this fading tech nugget.
  • QR codes have helped businesses that needed a way to communicate in a suddenly touchless society.
  • They have been deployed in restaurants, on doors to advise of Covid-19 changes, in mailings and connected to website landing pages.
  • But most of all they have been used to affirm that a person is certified as having vaccinations, which in turn meant they have also been widely used in the travel industry too.
Forewarned is forearmed

As long as QR codes remain popular, and it looks likely that they will, it’s inevitable that QR scams will cross the Atlantic and come here sooner rather than later. To give you a heads up here are some useful tips to follow if you come across a suspicious QR code.
  • Check the URL after scanning a QR code because the URL may look like the legitimate site.
  • Be careful when entering credentials or financial information on a site visited via a QR code. In fact, it’s safer to avoid making payments through a site navigated to from a QR code. Rather, manually enter a known and trusted URL to complete the payment.
  • Avoid downloading an app from a QR code. Most phones have a QR code scanner built into the camera.
QR codes – a brief history
  • QR stands for quick response.
  • In the 1990s, Japanese company Denso Wave developed the QR code as a way to track vehicles through the manufacturing process.
  • At the end of the 1990s and into the 2000s, marketers latched onto QRs as a way to easily send people to landing pages and specific web content.
  • Trade shows were fast adopters, as it was easy to walk a trade show, use your QR reader app and go paper-free through the event.
  • Apple integrated the QR reader into the iPhone’s camera in 2017, and other manufacturers quickly followed suit.
  • However marketers’ interest in QR codes began to wane, until the onset of the pandemic.