Scams with QR codes are growing: this is how they can steal your money

QR codes can also hide scams and end up emptying your bank account. “Cybercriminals are always one step ahead and try different methods to defraud their victims,” ??warns the Bank of Spain on its banking customer portal. The latest alert is caused by QRishing, manipulating QR codes to trick the victim into accessing malicious links or apps and stealing their private information.

“In the cases of QRishing that we have known, they ask for bank security credentials, which they will later use in fraudulent operations,” they warn from the OCU.

Variants have not ceased to be seen in recent months. For example, in Madrid false parking tickets have been detected with a QR that refers to a fraudulent payment page, with the money ending up in the pocket of some cybercriminal.

A more sophisticated one is that of the inverse QR, which is done to the waiters when paying the bill. Instead of showing a QR code linked to your account, you are actually making a request for money, which also includes your personal and bank details.

Those that can affect the most on a day-to-day basis are false QRs that, combined with other techniques, such as installing malware or accessing websites that impersonate real pages, end up stealing personal and account data.

Is there a way to protect yourself? Among the advice, the Bank of Spain calls to be wary of short links, which may be suspicious. If the code redirects to a website, a first point to take into account is that the address begins with “https://”. Although it is not something infallible, “it means that it complies with a minimum of security and protection”, they point out from the Bank of Spain.

It is also necessary to protect yourself from pages that are asking us for data: if it is for a procedure, it is better to do it directly from the full URL or the official application. To prevent this, a good option is to use applications that allow you to see the QR link before opening it, something that can be done from the iOS camera or Google Lens on Android.

The OCU also recommends downloading applications only from reliable sources, such as the official stores of the operating systems.

For entrepreneurs there is one last note. It is to verify that the QRs provided to customers actually lead to where they have to lead. That is to say, “that have not been falsified”, such as placing a sticker on top of the real QR, they close from the central bank.