Which? recently reported that scammers are now using QR (Quick Response) codes to relieve us of our money.
We are seeing QR codes more and more frequently these days using them to access web sites rather than having to type in a long list of characters. Indeed we use them ourselves; the link above takes you to our website. All you need do is open the camera on your mobile phone and scan the code. It will then automatically link you to a website.
But Which? has been finding that scammers have started using QR codes for fraudulent purposes. For example fake QR stickers placed over genuine ones in car parks. In particular, people are being signed up to making regular monthly payments when they thought they were making small one-off amounts.
Whilst QR codes can save time, be careful when using them, checking that the website you are directed to is genuine.
Here are five tips for using QR codes safely provided by Which?:
- Check for evidence of tampering when you scan QR codes in public spaces, as someone may have placed a sticker over the real one, or it may look out of place. If in any doubt, type in the web address manually to visit the correct website
- Don’t use an app to scan QR codes as it increases the risk of downloading malware or being redirected to a misleading advert. Most phones have a scanner built into the camera, so use this instead
- Preview the web address as you start to scan it – you should be able to inspect the link by clicking on additional settings within the scanner, or you could turn off internet access for your device (put it on airplane mode) and open the link to view the address details first. If it doesn’t begin with ‘https’ or the website’s address is different to what you were expecting, then don’t visit it
- Don’t use QR codes to download apps as this increases the risks of installing something malicious. Use a verified app store instead (Play Store at play.google.com or App Store at apps.apple.com)
- Avoid QR codes in emails as scammers are increasingly using QR codes to disguise malicious links, as email security tools don’t always scan images