QR Code Scams Are on the Rise

While not quite as ubiquitous in 2024 as they were shortly after the pandemic, QR codes offer convenient access to websites, without having to type in the address yourself. But as useful as they can be, they aren’t infallible. In fact, they can be hijacked for malicious purposes.

QR code scams are not necessarily new. However, big banks are currently issuing warnings about bad actors using these codes for phishing scams. Victims are sharing sensitive financial information with these scammers, in schemes known as “quishing.”

There are two main ways quishing scammers trick you into scanning these malicious codes: Either they overlay their malicious QR code on top of a legitimate one (say, place their QR code over a code typically used to pay for parking) or they send you a QR code as an email attached to a PDF. Why attach the code to a document, rather than the email itself? Security experts suggest this tactic bypasses many cybersecurity filters, so there’s a better chance the code ends up in your main inbox.

Whether you encounter the code in the wild or in your inbox, scanning the malicious code will take you to a false website, which either tricks you into downloading malware onto your device, or tries to get you to share your financial information.

These banks, which include names like Santander, HSBC, and TSB, don’t know how widespread these scams have been, but a survey from McAfee suggests that more than one fifth of all UK online scams likely started from QR codes.