QR codes have become a popular way to open websites and pay for products and services. But not all of them are secure. Cyber criminals can use QR codes to steal personal and bank details. Here we tell you what you can do to avoid QR scams.

Quick response or “QR” codes are like barcodes. When we scan them with a mobile phone camera, a link to the information they hold appears.

In today’s digital world, QR codes are used to browse restaurant menus, to connect to public Wi-Fi, to pay for parking, and to redirect users to a website.  

For cyber criminals, the QR code fad creates an opportunity to steal people's identities or hack into their bank accounts and make off with their money.

QR code scams

QRshing is a form of phishing. It uses QR codes to send users to a fake website that spreads malware or elicits confidential information. Cyber criminals posing as real companies send phishing emails with a QR code and ask users to scan it. Then, they attempt to obtain information or spread virus-infected files.

Another common scam is the false QR code stuck on top of an original one, like in restaurants and street advertising. False QR codes can even be found on parking meters, linking to a credible but fake payment site to steal money or credit card information.

Scams that use inverted QR codes are also gaining traction. Scammers first create a malicious code and then use it as a presumed payment method. But the code does exactly the opposite: it solicits money from whoever scanned it. Instead of paying the merchant for an item or service, the malicious QR code makes the merchant pay the scammer. This type of scam is also used to steal personal information and bank details.

How to avoid a QR scam

• Before scanning a QR code, like in a restaurant or some other public space, check that it hasn’t been tampered with or got a sticker placed over an original code.
• Installing anti-virus software to verify original QR codes that do not contain malicious links will help you avoid having a virus or other malware downloaded onto your mobile.
• Double-check the preview of the QR code link. When you scan a QR code, a preview of the URL should appear. Make sure the website address is legitimate. Look for a padlock symbol and an address that begins with “https://”. Only those URLs are secure.
• Think twice if the app or website you’re being directed to asks you to provide personal details. If it does, make sure it’s authentic.

Helping Santander customers fight cyber scams

Santander runs several initiatives to help customers and users understand the features of digital tools and the risks of using them irresponsibly. We use financial education to boost the general public’s knowledge of household finances, cyber security and digitalization. What’s more, our innovative cyber heroes initiative and cyber security podcast Titania are helping us get closer to younger generations. Our main aim is to give people the know-how they need to manage their finances properly.