• Latest
Fraudulent Use of QR Codes On The Rise

Fraudulent Use of QR Codes On The Rise

August 22, 2022
Policy Abuse Fraud: What Is It and How to Protect Against It

nSure.ai Delivers Growth to Digital Commerce Leaders and Boosts YoY Revenue by 280%

January 25, 2023
Fraugster and Refurbed partner to increase approval rates and reduce fraud for refurbished electronics marketplace

Sift Appoints Former Ping Identity COO Kris Nagel as CEO

January 20, 2023
Veridos Announces Innovatrics as Strategic Partner for Advanced DNA ID Verification

Veridos Announces Innovatrics as Strategic Partner for Advanced DNA ID Verification

January 19, 2023
New Podcast Episode: Walls of Thieving Cellphones with Nethone

New Podcast: How to Stop Return Policy Abuse Fraud

January 10, 2023
How to Write a Strong Chargeback Policy: Tips to Help You Protect Your Business

How to Write a Strong Chargeback Policy: Tips to Help You Protect Your Business

January 6, 2023

Anti-money laundering: Frequently Asked Questions

January 3, 2023
Card Not Present Fraud: How Companies Lose Nearly $10 Billion Per Year

Chargeback Fraud: How to Prevent it and What to Do if it Happens

January 1, 2023
Tailgating cybersecurity threat prevention

Tailgating cybersecurity threat prevention

December 30, 2022
AuthenticID Announces Partnership with Milk & Honey Labs

Axerve Partners With ACI Worldwide to Help eCommerce Businesses Grow Revenues in the U.K.

December 27, 2022
Best Risk Management Software

Best Risk Management Software

December 26, 2022
New Podcast Episode: Walls of Thieving Cellphones with Nethone

New Podcast: Know Your Customer. Or else.

December 20, 2022
Account Takeovers

Account Takeovers

December 11, 2022
  • Contribute
  • Contact Us
  • About
  • Join Us
  • Advertise
Friday, January 27, 2023
Merchant Fraud Journal
  • Home
  • Articles
    • Chargebacks
    • Fraud Prevention
    • Influencer Insights
  • Resources
    • Recorded Webinars
    • Podcasts
    • Vendor Directory
    • eCommerce Fraud Reports
    • Training and Certifications
    • Jobs Board
    • Associations and Non-Profits
  • News
No Result
View All Result
  • Home
  • Articles
    • Chargebacks
    • Fraud Prevention
    • Influencer Insights
  • Resources
    • Recorded Webinars
    • Podcasts
    • Vendor Directory
    • eCommerce Fraud Reports
    • Training and Certifications
    • Jobs Board
    • Associations and Non-Profits
  • News
No Result
View All Result
Merchant Fraud Journal
No Result
View All Result

Fraudulent Use of QR Codes On The Rise

This article was contributed by Shawn Colpitts, Senior Fraud Investigator at Just Eat Takeaway.com

by Bradley
August 22, 2022
in Articles, Fraud Prevention
Fraudulent Use of QR Codes On The Rise

QR code fraud is scams fraudsters run with via the little two-dimensional square-speckled boxes called QR Codes (Quick Response Codes). They have grown from use specific to the automotive industry to all sorts of applications.

The onset of the pandemic and lockdowns have led to a more contactless world. We have all experienced the shift to online purchases, cashless payments and physical distancing wherever and whenever necessary.

That has led to an evolution of and increased emphasis on digital frauds, including QR code fraud, for both bad actors and our teams.

Why QR code fraud is a problem hidden in plain sight

QR codes have been around for years, but with global societal no-touch policies, their use has increased. We’re mostly familiar with their use to advertise everything to the masses and confirm different Covid-related details. They are on business cards, posters, menus, buildings and carried with many of us as proof of vaccination.

These simple little matrices have so much potential for good and harm. Of course, our industry is concerned with the latter and it has been seen to be rising due to the altered state of the world. Their recent commonality has led to a general level of trust amongst the global population. People see them everywhere and used by everyone, so they simply trust them to be safe.

However, both the Better Business Bureau and FBI have released alerts regarding the dangers of QR code fraud and ease of their use for nefarious purposes.

The use of mobile devices to decipher and use these links plays into the effectiveness of the schemes that abuse them. Actions through a phone are believed to be safer, when they really are not, and users push things through, wanting them to be fast. Being on a mobile device can often mean the user is out in public or distracted, just wanting the desired outcome to happen. There is little to no scrutiny.

Outside of the lack of caution when it comes to QR Code use, depending on how you are accessing it, there is very little information available to determine if the link is malicious or not. Many scanning applications automatically access the path presented by the code without displaying it to be reviewed before accessing it. Some schemes involving these efforts do not even need to access a URL but perform a function right through the device when scanned.

QR code fraud scams

There are several ways that a fraudster can commit QR code fraud.

They could simply create their own QR Code from any free generator on the Internet and add it to any form of false advert or marketing scheme to trick people into scanning them. These mostly advertise offers that are too good to be true, like high value merchandise looking to be from genuine vendors but priced extremely low, usually with a short window of opportunity available to purchase, but people believe them. They can be online, on flyers, stickers stuck to anything and more. QR Codes have even been seen to just be randomly placed on things with no details and people still scan them.

Fraudsters will also try to manipulate existing QR Codes to link to what they want. They will stick their QR Codes overtop legitimate ones, hoping that someone will scan and access them, thinking that it is from the real offering or information provider. This is called “attagging,” a combination of “attack” and “tagging.”

QR Codes are used to access anything that has an online path or programmable push. They can direct the scanner to malicious websites, apps and payment screens. They can automate actions from your device like installing malware, sending emails and adding contacts. There have been reported instances of QR code fraud where the access of a QR code relinquished complete control of the users’ devices to the fraudster.

Fraudsters are making use of this technique because it is very easy to set up and use with the potential of a high payoff. It has been proving to be very effective and could be one of the reasons for the global increase of account takeovers.

Most of the links are similar to those we see in common phishing scams. The sites are set up to look legitimate and request the user to login and/or enter personal details. Some will link directly from the advert to a payment page that prompts the victim to enter their card details and information to complete the fake purchase. Others may ask the user to download malware masked as an app. There are so many possibilities. We have made it too easy.

How do we protect everyone from QR code fraud? Well, we can’t. We can educate, but users must be cautious on their own.

How to avoid QR code fraud

The FBI has released this list of tips to avoid falling victim to QR code fraud:

  • Double-check the URL of any site pulled up with a QR code to make sure it’s legitimate: “A malicious domain name may be similar to the intended URL but with typos or a misplaced letter,” the FBI added.
  • Before engaging with a QR code, check to make sure the code itself hasn’t been tampered with. The FBI suggests looking for evidence a sticker has been slapped over the original code.
  • The alert also cautions users against downloading an app from a QR code rather than the application store, which has more security protections.
  • Do not download a QR code scanner app: The FBI said, “this increases your risk of downloading malware onto your device. Most phones have a built-in scanner through the camera app.”
  • Don’t make payments to a site accessed by a QR code, if possible.
  • If you receive a QR code that you believe to be from someone you know, reach out to the person through a known number or address to verify that the code is truly from them.

So, when you see that nifty little poster with the QR code on it, be sure to check whether or not you completely trust it before accessing.

—

This article was contributed by Shawn Colpitts, Senior Fraud Investigator at Just Eat Takeaway.com

Tags: QR code fraud
ShareTweetShareSend
Previous Post

10 Best OSINT Tools

Next Post

New Podcast: Free money, fraud problems.

Next Post
New Podcast Episode: Walls of Thieving Cellphones with Nethone

New Podcast: Free money, fraud problems.

Our Latest Reports

2022 Chargeback Consumer Survey Report

Fraud Prevention Tactics that Enable Exceptional Customer Experience

Addressing Payment Fraud and The Customer Experience in 2022

2022 Fraud Trends Report

ATO Fraud In Retail Report

2022 Customer Experience Report

3 Ways a Unified Chargeback Management and Fraud Platform Increases Revenue

Digital Trust And Safety Report: Combating the Evolving Complexities of Payment Fraud

On-Demand Webinars

Balancing Customer Experience and Fraud Prevention: What’s the Secret?

Stopping Fraud Across the Customer Lifecycle

Addressing Payment Fraud and the Customer Experience in 2022

 

Get the 2022 Fraud Trends Report

MFJ 2022 Fraud Trends Report

Search Our Site

No Result
View All Result

Our Sponsors

Featured Directory Listings

  • logo
    NoFraud
  • SEON. Fraud Fighters
  • sift logo
    Sift
  • Signifyd
  • Ekata
  • Microsoft Dynamics 365 Fraud Protection
  • PayRetailers
  • Spotrisk

Our Sponsors

Fraud Industry News

Policy Abuse Fraud: What Is It and How to Protect Against It

nSure.ai Delivers Growth to Digital Commerce Leaders and Boosts YoY Revenue by 280%

January 25, 2023
Fraugster and Refurbed partner to increase approval rates and reduce fraud for refurbished electronics marketplace

Sift Appoints Former Ping Identity COO Kris Nagel as CEO

January 20, 2023
Veridos Announces Innovatrics as Strategic Partner for Advanced DNA ID Verification

Veridos Announces Innovatrics as Strategic Partner for Advanced DNA ID Verification

January 19, 2023

Connect With Us

Quick Navigation

  • Home
  • News
  • Join Us
  • About Us
  • Contact Us
  • Advertise
  • Contribute
  • Privacy Policy

The Payments Media Network

Merchant Fraud Journal
Payments Review

Privacy Policy

Our Privacy Policy
Our Terms of Use

Resources

  • Articles
  • eCommerce Fraud Reports
  • eCommerce Fraud Webinars
  • Training and Certifications
  • Jobs Board
  • Associations and Non-Profits
  • Podcasts
  • Vendor Directory

Popular Posts

  • How to File a Claim With FedEx + What To Do If Claim is Denied

    How to File a Claim With FedEx + What To Do If Claim is Denied

    0 shares
    Share 0 Tweet 0
  • Top eCommerce Fraud Prevention Companies

    0 shares
    Share 0 Tweet 0
  • How Does Two-Factor Authentication (2FA) Work?

    0 shares
    Share 0 Tweet 0
  • How to Fight PayPal Chargeback Fraud

    0 shares
    Share 0 Tweet 0

Featured Vendors

  • NoFraud
  • SEON. Fraud Fighters
  • Sift
  • Signifyd
  • Ekata
  • Microsoft Dynamics 365 Fraud Protection
  • PayRetailers
  • Spotrisk

Download the 2022 Fraud Trends Report

No Result
View All Result
  • About Merchant Fraud Journal
    • Interested in Contributing or Guest Posting to Merchant Fraud Journal?
  • Advertise on Merchant Fraud Journal
  • Articles
    • Chargebacks
    • Fraud Prevention
    • Influencer Insights
  • Contact Us
  • Download Addressing Payment Fraud and Customer Experience Report
  • Download Chargebacks Consumer Survey Report 2022
  • Download Evolving Complexities of Payment Fraud Report
  • Download Fraud Prevention Tactics that Enable Exceptional Customer Experiences Report
  • Download the 2020 Chargeback and Representment Report
  • Download the 2020 Merchant Fraud Journal Vendor Guide
  • Download the 2021 Fraud Trends Report
  • Download the 2022 Fraud Trends Report
  • Download the 3 Ways a Unified Chargeback Management and Fraud Platform Increases Revenue Report
  • Download the MFJ 2022 Customer Experience Report
  • Download the MFJ ATO in Retail Report
  • Home
  • Job Dashboard
  • Join The Merchant Fraud Journal Community
  • Merchant Fraud Journal Advertising Agreement
  • MFJ Fraud Trends Report Giveaway
  • News
  • Post a Job
  • Privacy Policy
  • Resources
    • 2020 Chargeback Representment Guide for Merchants
    • 2020 Vendor Guide
    • 3 Ways a Unified Chargeback Management and Fraud Platform Increases Revenue
    • Addressing Payment Fraud and the Customer Experience in 2022
    • Associations and Non-Profits
    • ATO Fraud In Retail Report
    • Balancing Customer Experience and Fraud Prevention: What’s the Secret?
    • Chargebacks Consumer Survey Report 2022
    • Digital Trust & Safety: Combating the Evolving Complexities of Payment Fraud
    • eCommerce Fraud Reports
    • eCommerce Fraud Webinars
    • Fraud Prevention Tactics that Enable Exceptional Customer Experiences
    • Fraud Prevention Training and Certifications
    • How to Build a Recession Proof Chargeback Prevention Strategy
    • How to Stop Fraud During the 2022 Holiday Season
    • Jobs Board
    • Merchant Fraud Journal’s Fraud Trends 2020 Report
    • Merchant Fraud Journal’s Fraud Trends 2021 Report
    • Merchant Fraud Journal’s Fraud Trends 2022 Report
    • MFJ’s 2022 Customer Experience Report
    • Podcasts
    • Prevent High-Velocity Fraud Attacks During the 2021 Holiday Season
    • Stopping Fraud Across the Customer Lifecycle
    • Vendor Directory
    • Webinar – Addressing Payment Fraud and the Customer Experience in 2022
    • Webinar – Mitigating Fraud and Risk on the ACH Network
    • Win January Chargeback Disputes
  • Subscribed
  • Terms and Conditions

© 2021 Payments Media Solutions Canada Inc.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?