QR codes - are they safe to scan?

Photograph of smart screen on counter scanning a QR code shown on a mobile phone. Parmenion's Spotlight on Infosec logo sits in the middle

In our latest article putting the spotlight on Information Security, Sarah Coles talks about the rising popularity of QR codes and how to stay safe using them

Quick Response (QR) codes have gained in popularity since the pandemic.

QR codes are two-dimensional bar codes that can be scanned by the camera on your smart device to direct you to websites, files, images, contact information, social media profiles or to make a payment.   

Businesses are incorporating them into their business cards, restaurants and bars use them to direct you to menus, and public transport services use them to guide you to timetables and wi-fi.

However, QR codes can be just like the phishing emails and texts that use hyperlinks to take you to malicious websites, downloads, and files.

As our confidence in using QR codes has grown, fraudsters have increased their use of QR codes to trick victims into giving away their personal or payment information, with several scams making headlines.  If you’re being offered free products or a deal sounds too good to be true, it’s probably a scam. Here’s some things to watch out for:

QR codes directing you to surveys

A woman in Singapore lost $20,000 whilst she slept after scanning a QR code in a bubble tea shop asking her to fill in a survey for a free drink [2].  The QR code directed her to install an app, which prompted for certain permissions to be allowed which enabled the scammers to control the phone screen and ultimately log into her banking app.

QR code used in parking scam

In April, the Isle of Wight Council issued a warning to its drivers after several reports of money being taken out of their accounts [1].  Scammers placed QR codes next to car park meters, with victims taken to a fake website stealing their bank details. 

HMRC impersonation scam

After HMRC began using QR codes in welcome letters sent by post and online accounts (in an effort to help people complete payments using a mobile phone), scammers started to send emails impersonating HMRC with QR codes demanding payment.  HMRC has confirmed it will NOT send QR codes by email, so communications like this can now be ignored.

How to avoid being scammed

In general, if you’re just scanning a QR code to view information, there’s little risk.  The danger is in what you do afterwards.

Think of QR codes as you would unsolicited email attachments.  Once you’ve scanned the code, take a moment to consider what information is being asked from you before you take any further action and ask yourself, ‘does it seem legitimate?’

  • Don’t download a third-party app or file from a QR code unless you’re certain it’s authentic.
  • Don’t grant permissions for anything after scanning a QR code, like permissions to access your phone’s camera, microphone, location or accessibility functions.
  • Avoid making payments from a website accessed via a QR code. Instead find the legitimate company through your search engine and make the payment this way.
  • Check if the company in question uses QR codes – if you’re unsure, call and check if it’s genuine but use your search engine to find their contact details.

[1] Parking scam warning 

[2] Woman loses $20,000 whilst she slept

This article is for financial professionals only. Any information contained within is of a general nature and should not be construed as a form of personal recommendation or financial advice. Nor is the information to be considered an offer or solicitation to deal in any financial instrument or to engage in any investment service or activity.

Parmenion accepts no duty of care or liability for loss arising from any person acting, or refraining from acting, as a result of any information contained within this article. All investment carries risk. The value of investments, and the income from them, can go down as well as up and investors may get back less than they put in. Past performance is not a reliable indicator of future returns.  

Speak to us and find out how we can help your business thrive.