IT expert issues warning over QR code scam

An IT expert at True MSP has issued a warning about a QR code scam, which is catching out unsuspecting motorists across the country.

The scam involves criminals covering up genuine QR parking codes on car park payment signs.

The new QR code then directs the unsuspecting motorist to a scam website for payment.

After being directed to the fake car parking payment website, the unsuspecting motorist willingly hands over their card details and the fraud is complete.

Victims are finding themselves out of pocket, in some cases to the tune of thousands of pounds.

Cyber and IT expert Neil Shaw, director at True MSP, said: “This is the latest in a long line of scams targeting different sectors of the community. This time it is motorists who are at risk, and it is easy to get duped.”

“QR codes are a blessing and a curse. They are a fantastic way of reaching websites, apps or data quickly when used correctly but the user has no way of knowing where they are being directed until they have scanned the code, by which time it is too late.

“You just can’t exercise due diligence as you would with a clear web address.

“Criminals will try to manipulate you by gaining your confidence on the back of the good reputation and good will of legitimate companies – as in the case of these car park scams.

“However, if you are in an open or public space where the code could have been tampered with, or if you are not 100% sure where the code has come from, be vigilant and please don’t click.”

“In my cyber-crime workshops, I demonstrate just this point.  After giving participants cyber-safety advice, I offer them a QR Code for more information.

“This takes them to a dummy website that comes up with the words ‘gotcha’. It’s a light-hearted prank but has a serious message.”

Neil said he would like to see QR codes in the public sector die out.

However, he stresses that in the right situation, and correctly used behind a securely accessed password protected system, they are a great way to direct a user to information quickly.

He said: “If you’re in a password protected site, perhaps your bank, and you’ve already used your password to enter, then you’re pretty safe to click.

“Unfortunately, outside of a secure site, there is only one thing that the public can do to protect themselves and their hard-earned cash from a QR code scam and that is don’t scan the code.”