Cybercriminals are duplicating legitimate QR codes to sell to individuals reaching out on secondary platforms and social media networks. Due to this, users who have paid for a particular service are being duped and often denied the service.
While the COVID-19 pandemic brought along tons of restrictions, easy transaction services, including QR code scans, made things simpler for people and hence have become a popular medium of exchange. Buying tickets for concerts is one such example where there is a huge demand. However, when some individuals are unable to get tickets legitimately, they turn to other means to purchase them.
According to a report by WeLiveSecurity, people who could not purchase tickets to some of the most awaited events are turning to secondary markets, including social media websites like Facebook. However, in this process, thousands of people are being tricked into buying tickets from such marketplaces. Moreover, a rise in such crimes has also been observed since last year. This raises questions on the legitimacy and usefulness of offering the QR code payment method instead of the paper tickets that could be bought by making physical payments.
Data on QR code scams so far
Duplicated or fake QR codes can be sent within phishing emails asking users of big brands like Amazon or Walmart to scan those codes to verify purchases made.
Scammers may even sell the same ticket to different people using different platforms. This would relieve them from suspicion, and they can easily leave the platform once the work is done. Such scams may also result in the ticket buyer being denied entry to an event because their QR code was already scanned by someone else.
Interestingly, similar scams have also been detected in India. Talking about fake QR codes being used to sell highly polluting firecrackers disguised as eco-friendly crackers in West Bengal, India, Naba Dutta, secretary of Sabuj Mancha, an organization defending the preservation of the environment and nature, told the Indian news channel The Times of India, “We have collected samples from different markets and scanned the QR codes to find them fake. It is impossible to detect such fake QR-coded banned fireworks amid the genuine ones.”
With such scams increasing, users have been urged not to post pictures containing QR codes or barcodes to prevent misuse. Scribbling or striking it with a line will not make them unusable. Those could also be recreated using specific apps that are available online to convert barcodes into corresponding numbers.