Tech expert issues phishing warning as online scammers target bargain-hunting Brits

A tech expert has issued a warning about QR code scams that target online shoppers seeking a deal or discount during the January sales, also known as ‘quishing.’

QR code experts QRFY predict a surge in scams over the next month as cybercriminals replace square barcodes in emails and texts with fraudulent versions that allow them to steal users’ personal information – including their bank details.

And with many Brits feeling the pinch after Christmas, scammers will look to take advantage of bargain-hunting shoppers. This may include sending a fake QR code that offers an ‘exclusive discount’ or asking them to reinput their address to reorganise a ‘failed delivery.’

Phishers may also create fake sites that mimic legitimate ones. To access the site or get a deal – such as those offered for joining a mailing list – users will be asked to enter personal details after scanning a QR code, meaning their data can be sold or used to commit fraud.

Some shoppers may be more vulnerable to these scams than others, the experts say, due to a lack of awareness around this tactic or impulsiveness when buying online.

Speaking on the concerns, a QRFY spokesperson says: “Brits need to be particularly vigilant around emails offering discounts this time of year – especially if they include a QR code or lead you to a form to input information – as many scammers will offer ‘too good to be true’ deals to entice seasonal shoppers to input their personal information.

“Many will also include an urgent prompt to encourage shoppers to make rash decisions and not stop to check the authenticity of these deals, perhaps offering money off ‘one day only’ or stressing that a sale or discount ends soon. The difficulty is that many legitimate brands also utilise these tactics, so it’s key that Brits learn the telltale signs of a ‘quishing’ scam.”

Five ways that shoppers can stay vigilant amid a phishing surge this January are as follows:

1. Check if the QR code has been tampered with

If featured on a printed leaflet, in a shop window, or on a sign, there are often visible indications that a QR code has been tampered with. A recent example of this type of scam was seen in Newcastle in November, where the City Council reported con artists putting up fake codes in car parks to trick motorists into making £60 parking payments.

If the QR code looks like it’s been interfered with – for example, if it has fraying edges, looks blurry or pixelated, or isn’t aligned properly on the advert, poster, or sign – it’s likely a fraudulent barcode that’s been stuck over the authentic version.

2. Inspect the website URL for spelling errors

One of the key indications that a phishing scam is being executed is that the URL you’re being directed to is spelt incorrectly. Before each and every time you open the URL, make sure that you recognise the web address and that there aren’t any spelling mistakes or odd formatting choices that may indicate a fake domain.

Often, these codes lead you to a site that can easily be mistaken for your favourite retailer as they’ve copied the logos and images from the original. If you’re unsure whether the site you’re visiting is authentic, always go the ‘long way’ and type in the site directly rather than accessing it via an emailed link or QR code.

3. Be wary of QR codes in emails or messages

Unless you know a brand will email or text you a QR code, it’s always best to exercise caution. You’ll likely receive an influx of promotion-based texts and emails throughout the January period as brands advertise their post-Christmas sales – but you’ll rarely receive a promotion that can only be redeemed by scanning a QR code, as many brands instead opt for a letter-based discount code that’s clearly visible on their site.

Poor grammar throughout the email is an immediate red flag that should arouse suspicion as a nonsensical email address or odd subject line. Be wary of texts or emails requiring you to input personal details via a QR code to ‘rearrange a missed delivery’.

4. Use multi-factor authentication when logging in

Although it’s easy to get caught up by a discount or deal when shopping online in the New Year, it’s important that you follow security recommendations to prevent phishing. This includes implementing multi-factor authentication when logging into your email accounts.

Multi-factor authentication requires you to provide two or more forms of credentials when logging into a private account to confirm your identity, such as a mobile number, answer to a personal security question, or fingerprint. Following these measures can help secure your accounts against theft if you’ve accidentally lost your personal details to a phishing scam.

5. Avoid downloading a QR code scanner app

There’s an app for everything these days, but it’s key to be aware of which apps may be malicious and which aren’t. Generally speaking, there’s no need to download a specific QR code scanning app, as most phones have this feature built into their camera apps.

If you are set on downloading one, check – and then check again – that it is from a reputable and trustworthy source otherwise, your sales shopping could be cut short.