Latest news with #QRcodes
Yahoo
5 days ago
- Business
- Yahoo
Is that QR code actually a scam? Here's what to know about 'quishing' before you scan
If it seems like QR codes are everywhere these days, that's because, well, they are. Thanks to a surge in popularity during the COVID-19 pandemic, these scannable codes are being used by businesses and brands for everything from payments and registrations to advertising and information. You'll see them in restaurants in place of paper menus, on product packaging, on signposts, on parking meters — and even on trees. But with success comes cybercrime — or in this case, QR code "quishing" (think phishing ... with a q). Just this week, the agency in charge of Montreal's parking meters warned of potentially fraudulent QR codes posted on its signs that might direct people to malicious websites. Last year, a similar warning was issued in Ottawa, and officials warned people who may have scanned them to check their credit card information. As cases of QR code fraud are starting to pop up, and with some officials warning consumers to take pause, you may be wondering if it's ever safe to scan those familiar little black and white squares and follow the link. With that in mind, here's what you need to know about QR code scams and how to avoid them. What are QR codes? QR codes, or quick response codes, are a type of bar code that's scannable by digital devices like smartphones through their camera lens. They typically contain information, such as a link to a website. One of the most popular uses is for payment, where the market is expected to reach $35.07 billion US globally by 2030, with a 16.1 per cent compound annual growth rate, according to a 2024 report by Allied Market Research. But just as the report predicted "massive adoption" of QR codes for payment, it noted that "rising data breaches and security issues limit the growth." How do the scams work? It's called "quishing," and experts have warned it can be highly effective when the codes are posted in credible places. "QR code usage is so commonplace, and many users just scan them and hardly pay attention to where they're going," said Tom Arnold, a cybersecurity expert who lectures on digital forensics and incident response at San Jose State University and the University of Nevada, Las Vegas. QR codes can be stuck on public signs, defaced websites, phishing emails, text messages and even placed into photo images, Arnold, who is also a digital forensics investigator, told CBC News. They're a "great way" for attackers to hide the URL or location they're sending people to, Arnold said. Fraudsters claiming to be a service provider, government agency or financial institution use QR codes in various scams to steal personal information, money or both, the Canadian Anti-Fraud Centre (CAFC) explained in an email. "Similar to fraudulent links or URLs, QR codes can be inserted into emails and texts to direct potential victims to fraudulent or malicious websites," a CAFC spokesperson said. WATCH | Fake QR codes are popping up on Montreal parking meters: Have there been many cases? In 2023, the U.S. Federal Trade Commission warned consumers that scammers are hiding harmful links in QR codes to steal personal information, using everything from parking meters to text messages. Last year, the Canadian Centre for Cyber Security, part of Communications Security Establishment Canada, issued a similar warning in a publication on security considerations for QR codes, saying there's a potential for "threat actors to leverage QR codes to infect devices with malware, steal personal information, or conduct phishing scams." The Canadian Banking Association also warns about potential QR code scams. That said, there haven't been a lot of cases in Canada, although experts say that could change. The CAFC said it's had just 10 reports related to QR code phishing since 2024. CBC News has previously reported on two recent incidents: the parking meters with fraudulent QR codes in Montreal and Ottawa. And last August, the RCMP in Red Deer, Alta., warned residents of QR code scams, saying in a news release it discovered some recent cases of QR codes that, when scanned, bring the user "to a website that contains malware. This malware can obtain your banking information and other sensitive information." In one case, someone had received a package of luxury goods that they had not ordered, the RCMP said, and when they opened the package, there was an attached note directing them to scan the QR code. Could it get worse? Kwasi Boakye-Boateng, deputy director of research and training with the Cyber Attribution Data Centre, located at the University of New Brunswick's Canadian Institute for Cybersecurity, said he thinks QR code scams are poised to become a major problem. "I wouldn't be surprised if it's something that's catching on now. It's because no one is paying attention to it. And usually attackers would always find the easiest means to acquire any information that would give them a financial advantage," Boakye-Boateng said in an interview. It's also become easy for people to design apps, tools and websites that look legitimate, especially using artificial intelligence, he said. And if the scammer is well resourced, it may not even be possible to trace it back to them, Boakye-Boateng said. "They can cover their tracks." LISTEN | Could that QR code menu be a scam?: What are the warning signs? Experts say you should carefully check the URL of where the QR code is directing you, since that can indicate whether it's a potential scam. Hovering over the code with your camera without actually clicking will usually show you the link, the CAFC said. For instance, Arnold said, the URL for a fraudulent QR code that looks like it's sending you to TD Bank might look like this: Adding a bunch of %20s allows the attacker to hide the fact they're actually sending you to he explained. Any enticement that uses a sense of urgency is an immediate red flag, Arnold said, such as a QR code to buy last-minute tickets for a concert. In general, any unsolicited message of any type that prompts a user to scan a code should be considered a risk, he said, and lone QR codes that are just stuck on a wall or light post should never be scanned. Some scammers will place stickers over legitimate QR codes in public spaces, like on parking meters and posters. As a safe practice, try scratching the code or scraping your fingernail over it to see if it might have been pasted on, Boakye-Boateng said. If you think you've fallen victim to a scam, call the police, he said. "You have to be very diligent now."
CBC
5 days ago
- Business
- CBC
Is that QR code actually a scam? Here's what to know about 'quishing' before you scan
If it seems like QR codes are everywhere these days, that's because, well, they are. Thanks to a surge in popularity during the COVID-19 pandemic, these scannable codes are being used by businesses and brands for everything from payments and registrations to advertising and information. You'll see them in restaurants in place of paper menus, on product packaging, on signposts, on parking meters — and even on trees. But with success comes cybercrime — or in this case, QR code "quishing" (think phishing ... with a q). Just this week, the agency in charge of Montreal's parking meters warned of potentially fraudulent QR codes posted on its signs that might direct people to malicious websites. Last year, a similar warning was issued in Ottawa, and officials warned people who may have scanned them to check their credit card information. As cases of QR code fraud are starting to pop up, and with some officials warning consumers to take pause, you may be wondering if it's ever safe to scan those familiar little black and white squares and follow the link. With that in mind, here's what you need to know about QR code scams and how to avoid them. What are QR codes? QR codes, or quick response codes, are a type of bar code that's scannable by digital devices like smartphones through their camera lens. They typically contain information, such as a link to a website. One of the most popular uses is for payment, where the market is expected to reach $35.07 billion US globally by 2030, with a 16.1 per cent compound annual growth rate, according to a 2024 report by Allied Market Research. But just as the report predicted "massive adoption" of QR codes for payment, it noted that "rising data breaches and security issues limit the growth." How do the scams work? It's called "quishing," and experts have warned it can be highly effective when the codes are posted in credible places. "QR code usage is so commonplace, and many users just scan them and hardly pay attention to where they're going," said Tom Arnold, a cybersecurity expert who lectures on digital forensics and incident response at San Jose State University and the University of Nevada, Las Vegas. QR codes can be stuck on public signs, defaced websites, phishing emails, text messages and even placed into photo images, Arnold, who is also a digital forensics investigator, told CBC News. They're a "great way" for attackers to hide the URL or location they're sending people to, Arnold said. Fraudsters claiming to be a service provider, government agency or financial institution use QR codes in various scams to steal personal information, money or both, the Canadian Anti-Fraud Centre (CAFC) explained in an email. "Similar to fraudulent links or URLs, QR codes can be inserted into emails and texts to direct potential victims to fraudulent or malicious websites," a CAFC spokesperson said. WATCH | Fake QR codes are popping up on Montreal parking meters: Fake QR codes are popping up on meters — don't scan them, says Montreal parking agency 2 days ago Have there been many cases? In 2023, the U.S. Federal Trade Commission warned consumers that scammers are hiding harmful links in QR codes to steal personal information, using everything from parking meters to text messages. Last year, the Canadian Centre for Cyber Security, part of Communications Security Establishment Canada, issued a similar warning in a publication on security considerations for QR codes, saying there's a potential for "threat actors to leverage QR codes to infect devices with malware, steal personal information, or conduct phishing scams." The Canadian Banking Association also warns about potential QR code scams. That said, there haven't been a lot of cases in Canada, although experts say that could change. The CAFC said it's had just 10 reports related to QR code phishing since 2024. CBC News has previously reported on two recent incidents: the parking meters with fraudulent QR codes in Montreal and Ottawa. And last August, the RCMP in Red Deer, Alta., warned residents of QR code scams, saying in a news release it discovered some recent cases of QR codes that, when scanned, bring the user "to a website that contains malware. This malware can obtain your banking information and other sensitive information." In one case, someone had received a package of luxury goods that they had not ordered, the RCMP said, and when they opened the package, there was an attached note directing them to scan the QR code. Could it get worse? Kwasi Boakye-Boateng, deputy director of research and training with the Cyber Attribution Data Centre, located at the University of New Brunswick's Canadian Institute for Cybersecurity, said he thinks QR code scams are poised to become a major problem. "I wouldn't be surprised if it's something that's catching on now. It's because no one is paying attention to it. And usually attackers would always find the easiest means to acquire any information that would give them a financial advantage," Boakye-Boateng said in an interview. It's also become easy for people to design apps, tools and websites that look legitimate, especially using artificial intelligence, he said. And if the scammer is well resourced, it may not even be possible to trace it back to them, Boakye-Boateng said. "They can cover their tracks." What are the warning signs? Experts say you should carefully check the URL of where the QR code is directing you, since that can indicate whether it's a potential scam. Hovering over the code with your camera without actually clicking will usually show you the link, the CAFC said. For instance, Arnold said, the URL for a fraudulent QR code that looks like it's sending you to TD Bank might look like this: /TDlogin. Adding a bunch of %20s allows the attacker to hide the fact they're actually sending you to he explained. Any enticement that uses a sense of urgency is an immediate red flag, Arnold said, such as a QR code to buy last-minute tickets for a concert. In general, any unsolicited message of any type that prompts a user to scan a code should be considered a risk, he said, and lone QR codes that are just stuck on a wall or light post should never be scanned. Some scammers will place stickers over legitimate QR codes in public spaces, like on parking meters and posters. As a safe practice, try scratching the code or scraping your fingernail over it to see if it might have been pasted on, Boakye-Boateng said. If you think you've fallen victim to a scam, call the police, he said. "You have to be very diligent now."
CBC
15-07-2025
- CBC
Fake QR codes are popping up on metres — don't scan them, says Montreal parking agency
The agency in charge of parking in the city hung signs on metres to encourage people to download their new parking app, Mobicité. Some of the signs were vandalized with fake QR codes, which might direct people to a fraudulent website.
The Australian
01-07-2025
- Business
- The Australian
Cost of living kills the pub shout
The humble pub shout is tipped to be a thing of the past as younger Australians shy away from it thanks to the help of a simple technology. Australians are using QR codes as a way of individually ordering drinks at the table, ending the classic pub shout, research released by payments platform Tyro shows. The QR code that came in post Covid has changed the way people buy drinks. Picture: NewsWire / Jeremy Piper Tyro chief executive Jon Davey said the pub shout may become a thing of the past, as younger Aussies are quick to adapt to new ways of payment. 'Both (millennials and Gen Z) are more accustomed with modern ways of paying – these consumers are now used to paying individually at the table while they socialise rather than relying on one person to order for the whole group at a crowded bar,' he said. According to the findings, millennials are the least likely to buy a friend a drink, with 42 per cent opting against that tradition, followed by Gen Z and Gen X. Baby boomers are the most likely to shout a friend, but still one in three use QR codes as a way to avoid buying drinks. The report also highlights cost-of-living pressures are clearly having an impact on Australians' spending patterns, with nearly one in two Aussies changing their alcohol consumption due to costs, while one in 10 have quit the drink altogether. Beyond drinking, more than half are now comparing prices, delaying non-essential purchases or hunting for discounts. Not only are millennials the least likely to buy a drink for their friends, they are also the most annoyed at having to pay a holiday surcharge. Australians say QR codes are making it easier to avoid a shout. Picture: NewsWire / Christian Gilles, Gen Z and baby boomers represent more than 50 per cent of those willing to pay holiday surcharges to keep their local open, but only 19 per cent of millennials are happy to pay extra. The Agrestic Grocer and Cafe owner Beau Baddock said these charges were essential for business. 'Holiday surcharging isn't about making a profit, it's about ensuring I can pay my hardworking staff their wages … I also want to provide visitors and locals with somewhere to go. If we don't on-charge our extra wage costs, we'd have to close,' Mr Baddock said.
News.com.au
01-07-2025
- Business
- News.com.au
Cost of living and tech combine to end classic pub tradition
The humble pub shout is tipped to be a thing of the past as younger Australians shy away from it thanks to the help of a simple technology. Australians are using QR codes as a way of individually ordering drinks at the table, ending the classic pub shout, research released by payments platform Tyro shows. Tyro chief executive Jon Davey said the pub shout may become a thing of the past, as younger Aussies are quick to adapt to new ways of payment. 'Both (millennials and Gen Z) are more accustomed with modern ways of paying – these consumers are now used to paying individually at the table while they socialise rather than relying on one person to order for the whole group at a crowded bar,' he said. According to the findings, millennials are the least likely to buy a friend a drink, with 42 per cent opting against that tradition, followed by Gen Z and Gen X. Baby boomers are the most likely to shout a friend, but still one in three use QR codes as a way to avoid buying drinks. The report also highlights cost-of-living pressures are clearly having an impact on Australians' spending patterns, with nearly one in two Aussies changing their alcohol consumption due to costs, while one in 10 have quit the drink altogether. Beyond drinking, more than half are now comparing prices, delaying non-essential purchases or hunting for discounts. Not only are millennials the least likely to buy a drink for their friends, they are also the most annoyed at having to pay a holiday surcharge. Gen Z and baby boomers represent more than 50 per cent of those willing to pay holiday surcharges to keep their local open, but only 19 per cent of millennials are happy to pay extra. The Agrestic Grocer and Cafe owner Beau Baddock said these charges were essential for business. 'Holiday surcharging isn't about making a profit, it's about ensuring I can pay my hardworking staff their wages … I also want to provide visitors and locals with somewhere to go. If we don't on-charge our extra wage costs, we'd have to close,' Mr Baddock said.
