The scannable shortcut we almost bid farewell to, has made a dramatic comeback, all thanks to the global pandemic. Yes, you guessed right – I’m talking about QR code. Social distancing guidelines and trends like ‘contactless-everything’ have popularised the pixelated mosaics and their slick, simple use only makes their case stronger.
Their widest use is in the contactless payment ecosystem – ‘Scan the QR code below and pay’. A QR (Quick Response) code is a two-dimensional barcode that is easily read by smartphones – all you need is a camera and an app to read the code.
While they have emerged as a convenient way to promote contactless technology, users lack the necessary knowledge on how to spot a fraudulent one.
How are Scammers Using the QR Code for their own good?
While over-the-counter scanning poses less of a risk, scammers have found new, creative ways of deception. One way of doing this is by sending people texts like – ‘Congrats on winning Rs 5,000’ along with the picture of a QR code. The message will urge you to scan the code, enter the amount, followed by your UPI PIN to ‘receive’ the cash in your account.
In this scam, gullible people believe that this will credit money in their account, but this does just the opposite. You don’t end up ‘receiving’ but actually ‘paying’ the fraudster the amount.
Another tactic is by embedding fake QR codes into a phishing email, text, or via social media. Upon scanning the bogus code, users are directed to websites with realistic-looking landing pages, where the victim may be prompted to login by entering PII (personally identifiable information).
How to Identify the Scammers
It’s critical to pay close attention, even to small details while making payments or transactions using QR codes. It is best to pay using these, only insecure and familiar environments. Remember that the risks of scanning an unknown QR are like clicking on links in unknown messages – treat a QR code like any other link – don’t follow it if you don’t fully trust the source.
Once you scan the QR, a pop-up to view its embedded URL must emerge. If there is no URL, or if it seems like a shortened one (like bit.ly) – be cautious. It’s best to install a QR scanner that checks or displays the URL before it follows the link.
Although the QR codes themselves are a secure and convenient mechanism, we expect them to be misused by cybercriminals in 2021 and beyond. Knowledge of QR code fraud may lag significantly today, but vigilance on our part will ensure the difference between the QR code being scanned and us being scammed.