Most (74%) of British internet users have never heard of QR code spam, according to a recent representative survey commissioned by European email provider GMX.

This is despite a significant increase in QR code spam being detected by GMX email security experts. They analysed how spammers change their methods by running so called ‘honey traps’, which are special email accounts without spam filters which aim to attract as much spam as possible. The analysis of the contents of these traps show that QR code spam is trending in 2019 top spam methods.

“Our experts have noticed that many more emails are being sent with malicious QR codes. The results of this survey show that, by not knowing, users may be making themselves vulnerable to the new trend of QR Code scams. It is very important to check the sender and context before scanning a QR Code and find out where the link is directing you,” says GMX CEO Jan Oetjen.

QR codes are scannable two-dimensional barcodes that direct smartphone users to websites or other downloadable content. The QR codes have become extremely popular in recent years as they allow consumers to download apps, initiate customer service, access WiFi networks and purchase products.

But QR code spam can also lead to websites that contain malware. Once you scan the code your smartphone may get infected by a virus which can then steal money from the mobile wallet or download ransomware which encrypts personal data for a payment.

Sometimes the scam is even more direct. A customer wishing to pay for goods or services may scan a QR code expecting the payment to go directly to the provider, but the money is instead redirected to a criminal’s bank account.

GMX internet security experts give advice

Fraudulent QR codes are virtually impossible to spot with the naked eye, but there are some things that you can do to avoid becoming a victim:

  1. If you receive a QR code in an email, via an instant messaging app or on a social network, you should be careful what you’re scanning. Use a secure QR code scanner that can flag up malicious websites and show the actual URL before scanning.
  2. A QR code is just like a normal internet link; you shouldn’t click on it if you don’t know its origin. Do not scan QR codes from companies, or even individuals, that you do not know and trust.
  3. Don’t be rushed or talked into paying via a QR code if you are not completely happy with it. If you have any suspicions that it may be fraudulent, alert your bank and change your credentials as soon as possible.
  4. When creating QR codes yourself, be careful where you do it. Online fraudsters offer free QR Code Generators that may lead to scam sites. Pay special attention to QR Code Generators that are related to cryptocurrencies.
  5. If you scan a QR code and find yourself on a web page that asks for personal information like passwords, even if it looks like the real thing, don’t type in any information. Go directly to the homepage of the company’s website.
  6. If you are out and about in real life, before scanning a QR Code, run your fingers over it; if it has raised edges or is slightly thicker than the surrounding area, then it could be a fake code sticker that has been put on top of the real thing. Go directly to the company’s website to check the information you are looking for. Also be careful about scanning QR codes in public places which are vulnerable to alteration such as bus stops, train stations or on advertising hoardings. Even shops, cafes, tourist information and doctor’s surgeries are accessible by fraudsters.