The fraudulent ‘quishing’ scams targeting concert-goers

By placing fake QR codes over the genuine article, ‘quishing’ results in the customer being directed to a bogus website, where they unwittingly enter their personal information

Thu, 04 Jul, 2024 - 10:11

John Daly

In a summer where demand for tickets to upcoming major musical events like Electric Picnic, Coldplay and Elvis Costello continues to rise, the prospect of getting scammed by fraudsters is an evolving problem facing consumers.

Taking advantage of customers ordering through digital menus by placing fake QR codes over the genuine article, this new form of fraud called ‘quishing’ results in the customer being directed to a bogus website, where they unwittingly enter their personal information. QR codes, which are recognisable as a square-shaped grid storing links to an app and read by a smartphone, allow access to product information or a menu, send or receive a payment, log into an account or loyalty program.

Security firm Keepnet Labs reported that quishing attacks have increased by over 270% monthly, leading to an overall growth of over 3240% in a year. “This method of social engineering has become increasingly prevalent and hazardous, as 29% of emails aimed at different industries include malicious QR codes. Quishing attacks have exceeded 100 million incidents, affecting every sector without exception.”

Being a quishing victim can mean that scammers can access personal data, can download malware onto your phone, or even reroute a payment intended for a legitimate recipient.

Prior to last week’s Taylor Swift concerts in Dublin, Bank of Ireland urged music fans to be alert to messages or adverts for tickets to sold-out events. Scammers try to lure consumers by offering them tickets, often through a social media post or online advert.

Cork mum loses out on €580 in Taylor Swift ticket scam

Unwitting consumers are asked to pay directly, sending money from their bank account to another via bank transfer, which provides little protection. Once the payment is transferred, the seller usually cuts all contact, and the ticket never arrives.

Nicola Sadlier, Head of Fraud at Bank of Ireland, said: “At times like this, fraudsters are hoping your heart will overrule your head. They are counting on people being so keen to get to see their favourite artist play that they ignore the warning signs and take a chance on the offer of a ticket even if it sounds too good to be true.

Never, ever take that chance. Our advice is when you are buying online, only buy items from reputable sites. Scammers know certain tickets are very much in demand — so don’t get carried away if a message or advert pops up for a popular gig.

If something sounds too good to be true, it’s probably fraud. If you find yourself targeted, our advice is to act quickly and contact your bank immediately so they can try to stop the payment.

"Scammers can strike when least expected and we want people to be alert to the danger so they don’t end up at a loss.”

What to look out for includes:

tickets for sold-out gigs or for prices which are too good to be true;
the seller is looking for a quick sale;
being pressurised into making a quick decision;
and not giving the opportunity to see the ticket in person.

If you think you’ve been the target of a scam, contact your bank immediately so that they can try to take action to stop a fraud in progress and potentially recover funds.