Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Wales Online
Wales Online
National
Luke Weir

Criminals are using QR codes to scam people in restaurants with 'QR phishing' on the rise

Due to a rise in restaurants using QR menus, particularly since the Covid-19 pandemic, an increase in criminal activity using these codes has duly followed. No matter what technology comes along, fraudsters will find a way to exploit it, with this recent development being used to scam innocent people out of their money and data.

Almost 84% of smartphone users have scanned a QR code at least once, and over 34% scan a code once a week, according to anti phishing platform TitanHQ. This popularity has led to a rise in ‘QR code phishing’, allowing cybercriminals to scam, hack and cause malware infection.

This is achieved by the link contained within the QR code providing the cybercriminal with the opportunity to perform phishing. The legitimate menu QR code is replaced with a malicious one, which will instead take the user to a fake website designed to mimic the real account and have the customer divulge personal data.

QR email phishing - or quishing - is also on the rise, with fraudsters embedding a malicious code into a legitimate-looking email. A recent example saw a Microsoft 365 phishing campaign use QR codes to steal log-in credentials, with people who scanned the code being taken to a fake Office 365 page which requested credentials to gain access to the message.

They are also being used in tax scams, with HMRC even adding support for QR codes on their website. The spoof HMRC email asks the recipient to scan the code to pay overdue tax, instead taking the taxpayer to a site where their financial information is stolen.

Such is its concern, the MIAA (a division of the NHS) has issued a warning, while the FBI has done similar in the US. The best way to avoid being caught out is to be educated on the differences between legitimate codes and those that are looking to steal your data.

For those more concerned, you can use a DNS filter which will break the phishing cycle by stopping users from navigating to a malicious website. The DNS filter creates a ‘blocklist’ of URLs.

Email filters such as SpamTitan use multiple mechanisms to catch difficult-to-detect phishing messages. These mechanisms include advanced AI-based algorithms to spot difficult-to-detect spam.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.