FOOTBALL fans flocking to pubs to enjoy the Euros 2024 should be on high-alert for credit card scams, experts have warned.
There has been an uptick in fake QR codes being pasted over real ones on pub tables and posters, disguised as self-order check points.
Pubgoers may think they’re ordering a round – but they might actually be punching their credit card information into a malicious website, set up by cyber crooks.
“Unfortunately we’ve seen a rise in scams ever since self-ordering became the norm during the pandemic,” explained John Clark, Product Manager at Takepayments, a company that aims to make online payments safer.
With QR codes now ubiquitous with everyday life, Clark noted there had been a “rise in scammers installing fake QR codes to trick customers into sharing their credit card details”.
Citing a study by cybersecurity firm Hoxhunt, Clark added that “22 per cent of phishing attacks involve QR codes, so it’s important to stay vigilant”.
Clark reckons scammers will be looking to prey on the Euros 2024 frenzy to catch out distracted Brits.
Fortunately, there are four sure-fire ways to spot a fraudulent QR code.
Check for certification
Once you’ve scanned the code with your iPhone or Android, it should take you to a website.
The website you’re directed to should “always” be Secure Socket Layer (SSL) certified, according to Clark.
Most read in Phones & Gadgets
An SSL-certified site has a web address starting with “https://”.
There will also be a padlock icon next to the URL.
“You should also check that the name of the website you’re directed to matches the business,” Clark continued.
Eye the branding
One way to spot any scam – be it a dodgy app, fake website or risky QR code – is if there are inconsistencies with the branding.
If the branding or logo appears to be different or there are suspicious elements on the code itself, such as if it looks like it has been stuck over another code, it could be a sign that the QR code may not have been made by the business.
John Clark, Product Manager at Takepayments
Fraudsters often disguise malicious apps and websites as legitimate ones.
But the design of a QR code should match the business’s branding.
“If the branding or logo appears to be different or there are suspicious elements on the code itself, such as if it looks like it has been stuck over another code, it could be a sign that the QR code may not have been made by the business,” said Clark.
Is it authenticated?
Strong Customer Authentication (SCA) compliance is a legal requirement on all websites that take online payments.
This means a bank carries out checks to confirm a customer’s identity during the transaction.
“You can spot SCA-compliant websites if they ask you for two levels of authentication when making a purchase,” Clark explained.
These can be two of three things, according to Barcleycard:
- Something you know (e.g. PIN)
- Something you have (e.g. Card/phone)
- Something you are (e.g. fingerprint)
In this case, you should be asked to use two of these to green-light a purchase.
Make it official
The pub, if it’s part of a chain like Greene King or Fuller’s, most likely has its own, official app through which you can order drinks and food.
“If the pub you’re at are making use of a specific payment platform app or have their own app, consider downloading this directing from your app store instead of using the QR code provided,” Clark concluded.
That way, you know for sure you’re handing cash to the pub – and not a nameless, faceless scammer.
How to spot a dodgy app
Detecting a malicious app before you hit the ‘Download’ button is easy when you know the signs.
Follow this eight-point checklist when you’re downloading an app you’re unsure about:
- Check the reviews – be wary of both complaints and uniformly positive reviews by fake accounts.
- Look out for grammar mistakes – legitimate app developers won’t have typos or errors in their app descriptions.
- Check the number of downloads – avoid apps with only several thousand downloads, as it could be fake.
- Research the developer – do they have a good reputation? Or, are totally fake?
- Check the release date – a recent release date paired with a high number of downloads is usually bad news.
- Review the permission agreement – this agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary.
- Check the update frequency – an app that is updated too frequently is usually indicative of security vulnerabilities.
- Check the icon – look closely, and don’t be deceived by distorted, lower-quality versions the icons from legitimate apps.
All of this information will available in both Apple’s App Store and the Google Play Store.