Cyber agency issues warning to public over fake QR code scam
One type of scam involves criminals placing their own QR code on top of a legitimate one — such as those in restaurants, at parking payment points, and on public posters and leaflets. Picture: iStock
The State’s cyber security body is urging people to be aware of fraudsters using scam QR codes.
The National Cyber Security Centre (NCSC) said criminals were placing fake QR codes on legitimate ones in restaurants, parking payment machines, and even on public posters and leaflets.
This is in addition to well-known fraudulent ‘phishing emails’, but QR codes, which can bypass email security systems, tend to focus on suspicious links or attachments.
In a guide to the public, the NCSC said QR codes were “very easy to create” and could be scanned using a smartphone camera.
It said the convenient shortcut had led to the popular use of QR codes for accessing websites, menus and online payments.
“However, as QR codes have become more common, fraudsters now exploit them to scam people,” the NCSC said. “This is known as “quishing” [QR phishing], and like other phishing scams, it involves tricking people into visiting fraudulent websites.”
It said fraudsters did this to: steal account credentials, like usernames and passwords; and gather sensitive financial information, such as bank or credit card details.
The guide details two types of QR code scams. The first is sent in phishing emails, with the QR code typically in an image or in an attachment.
The second type involves criminals placing their own QR code on top of a legitimate one — such as those in restaurants, at parking payment points, and on public posters and leaflets.
The NCSC said many mobile phones lack security protections to spot this, making them an easy target.
The body advised people to use a trusted QR code scanning app that can block or warn against suspicious links.
It said if people think they have used a dodgy QR code to immediately change passwords, contact their bank and report it to gardaí.
An Garda Síochána, particularly the Garda National Cyber Crime Bureau (GNCCB), has issued warnings about rising QR code scams.
Fraudsters place fake QR codes in public spaces to trick users into entering personal and banking details on fraudulent websites.
- Verify the source before scanning a QR code—stick to trusted businesses and official websites.
- Check for tampering—scammers may place fake QR stickers over legitimate ones. Look for irregularities.
- Use a trusted QR scanner app—download from reputable stores like Google Play or the Apple App Store.
- Avoid entering personal or banking details—legitimate businesses rarely request sensitive information via QR codes.
- Manually enter URLs instead of scanning if you’re unsure about a QR code’s legitimacy.
- Avoid public Wi-Fi when scanning QR codes leading to payment sites—use a secure connection.
- Keep your smartphone and apps updated to protect against security threats.
- Be cautious of "freebies" and prize QR codes—these often lead to scams or phishing attempts.
If you suspect a QR code scam, report it to An Garda Síochána immediately. Stay informed and protect your data.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
