Acebo Insights


Inverse QR codes alert and security best practices

QR codes fraud

Public concern about QR codes was raised last summer when a new QR fraud was detected in Sevilla (Spain). This malicious technique called “inverse QR” allows fraudsters to steal data and money from their victims, who actually think they are the ones receiving the payment.

What happened exactly?

 In a restaurant in Mairena del Aljarafe, a scammer pretended to make a payment with a legitimate-looking bank QR code. However, it turned out to be a fraudulent code: instead of paying, he was actually getting money from the victim, a waiter (making them pay the bill). 

 So, this social engineering attack aims to dupe users into handing over their personal and bank details.

How to avoid getting duped

The OSI, Oficina de Seguridad del Internauta, alerts population about possible fraudulent activity related to QR codes and inform about how to prevent it.

Check the code and the URL
    • Whenever you are about to scan a QR code, take a good look: Is it a counterfeit? (Check for any irregularities) Is it posted in a public place?
    • If the code doesn’t look safe, you better type the URL in manually.

    • There are some apps (Link Preview Generate or URLVoid) that allow users to take a sneak preview and verify if the URL looks OK.
Trust “HTTPS”

You should only visit a URL with https:// in front of the link. (SSL-certified and encrypted sites)

Do not hand over any private data

It is much safer to use your usual bank app or type the complete URL if you have to introduce any passwords or perform a payment.

Consider other security apps

Kaspersky or QR Scanner, for example, ensure a safe code reading before activating it.

Some popular QR codes

Well, so these black-and-white squares that contain encoded data are part of our lives. And because they can be scanned and read, they offer a “quick response”.

They can lead us to a website, questionnaire, a landing page. In fact, they offer lots of possibilities. Their use has spread even further for health reasons during the past two years.

 Both businesses and consumers find QR codes very convenient.

Let’s see some everyday examples:

    • More and more restaurants are offering digital menus, as they are more hygienic and environmentally friendly.
    • Most theatres and cinemas have digital programs and tickets. People can read, choose and by them at any time.
    • Public transportation with QR code validators is something common right now. Passengers don’t have to bring the exact amount of cash to pay. Therefore, less contact and less queueing.
    • They are also used as a contactless method of payment.

Wrapping up: Are QR codes safe to use?

As many people nowadays own a smartphone, QR codes aren’t something new for anybody. 

As QR code adoption becomes more popular, it’s crucial to make sure that all of us follow QR code security best practices.

You may also like…

Linkedin for B2B

Linkedin for B2B

Networking has never been easier (or even that fun). Nowadays, we can network almost everywhere (as long...

read more