Football fans have been urged to be alert for malicious QR codes in pubs as they watch England vs Switzerland in the Euro 2024 quarter-finals this weekend.
Experts have revealed a rise in fake QR codes since self-ordering has become the norm over the pandemic, and fake codes are being pasted on tables in an attempt to trick customers.
Fans may think they are ordering a round of drinks, but could actually be giving away their debit card information to fraudsters.
Scammers stick fake QR codes on tables in pubs, often over a legitimate one, that directs the customer to a malicious website, either designed to install malware on their device or steal their credit or debit card information by pretending to take their order.
And it is not only in pubs fake QR codes are spreading, quishing, as it is often known, is also happening in car parks, on street signs and posters.
Some cybercriminals take a more traditional route, sending QR codes in emails and encouraging victims to scan them.
In 2023, according to one study, 22% of scams involved QRs.
John Clark, product manager at takepayments said: ‘Unfortunately we’ve seen a rise in scams ever since self-ordering became the norm during the pandemic.
‘It’s important to stay vigilant when using a QR code to pay for your drinks at the pub.’
NordVPN told Metro.co.uk that around 72% of Brits do not check codes before scanning them, and around 77% of people are actively using QR codes in the UK.
The security firm reveals that more than three million people say they have previously been directed to a website they deemed untrustworthy after using a QR code.
Of those who ended up on dubious sites, one in six (16%) fell prey to cybercriminals and had their personal data stolen.
How to spot a QR code scam
Marijus Briedis, chief technology officer at NordVPN, said: ‘In our increasingly digital landscape, QR codes have become indispensable for their convenience in various daily tasks, from connecting to Wi-Fi in coffee shops to streamlining orders at restaurants.
‘However, blindly trusting QR codes can inadvertently expose users to cyber scams. It’s vital to approach them with caution and awareness of potential risks.’
He recommends that people use a dedicated QR code scanning app instead of the default camera app for added security measures. He said these apps can often detect malicious sites or software.
Mr Clark said there are certain things to keep an eye out for when trying to spot a fake QR code without the help of an app.
There should be a Secure Socket Layer (SSL) certification on the site and any website from the QR code should begin with ‘https://’. A padlock icon should appear next to the URL and the name of the website should match the business name.
When scanning the code, try to notice if the code’s branding matches the business’s branding, and try to spot if it has been stuck on over another sticker.
What to do if you have fallen victim to a text scam
If you think you have been a victim of a text scam, report it to Action Fraud as soon as possible, which can be done by calling 0300 123 2040 or visiting the Action Fraud website.
Reports of fraud and any other financial crime in Scotland should be made to Police Scotland via 101.
It is also important to notify your bank as soon as possible of any potential fraud activity that may show up on your bank details to protect you from further financial loss.
Strong Customer Authentication (SCA) compliance is a legal requirement and you can see if a website is SCA-compliant if they ask you for two levels of authentication when making a purchase, like a one-time passcode, face recognition or a mobile number.
And when possible, experts recommend making use of a specific payment platform app or use a business’s own app which should be available on the App store or on Google Play.
If you do find yourself on an unrelated or suspicious website through a QR code, do not give away any personal information and leave the page immediately.