Scan Safely: A Shopper’s Guide to Avoiding QR Code Scams

The holiday season is here! With the smell of cinnamon almonds and the search for the perfect candle, Christmas markets are full of festive cheer. These markets show how much payment technology has improved. Instead of fumbling for cash or looking for an ATM, we now just point our phone cameras at a black-and-white square and pay. But this easy method has also brought a new kind of trouble: QR code scammers. As we shop in busy markets, it’s important to know that the very tool meant to make shopping easy can be used by scammers to steal money.

Artificial intelligence and AI tools are making scams more sophisticated during the holidays, especially around the Black Friday frenzy. Cybercriminals now use AI-driven methods to create convincing phishing emails, deepfake videos, and automated scams, making it harder for shoppers to spot fraud. The holidays see a surge in scams due to increased shopping activity and the use of advanced technologies by scammers.

The Magic and Risk of the Holiday Bazaar During the Holiday Season

The holiday season is full of joy and busy markets, where QR codes make paying easy and quick. But scammers use fake QR codes, often by sticking their own over real ones, to steal money or personal information. These scams happen fast and can lead to financial loss or identity theft. It’s important to remain vigilant for potential threats, including those enhanced by AI deepfakes and deepfake technology, as cybercriminals are using increasingly sophisticated methods to deceive shoppers during the holidays.

To stay safe, always check the payment details shown after scanning, feel the QR code to see if it’s a sticker, use your phone’s built-in scanner, avoid scanning codes on public Wi-Fi, be careful of deals that seem too good to be true, and always check URLs after scanning a QR code to ensure you are not redirected to a malicious site. Vendors should protect their QR codes by checking for tampering and keeping them visible and secure. By being careful and verifying before paying, shoppers and sellers can enjoy a safe and happy holiday season.

How the “Sticker Swap” Works

A common tactic in QR code scams during the holiday season is the sticker swap. Scammers print counterfeit QR codes linked to their own accounts or malicious websites and place these stickers over the legitimate codes displayed by vendors. When a shopper scans the code, payments are diverted to the scammer’s account, or the shopper is sent to malicious websites designed to install malware or steal sensitive information.

Why are holiday bazaars such attractive targets for these holiday scams?

• High foot traffic: Crowds make it difficult for vendors to monitor their QR codes constantly.
• Distracted holiday shoppers: The excitement of Christmas shopping can cause shoppers to rush payments without verifying details.
• Busy vendors: Small business owners often juggle multiple tasks, limiting their ability to oversee QR code security.
• Tricking users with fake deals: Scammers may use AI-generated deepfakes or hacked accounts to promote fake holiday deals via QR codes, tricking users into scanning malicious links.

The Brushing Scam

Another delivery-related scheme to watch out for is the brushing scam. In this scam, scammers send unsolicited packages containing QR codes to random recipients. By tricking people into scanning these codes, scammers redirect users to malicious websites that steal personal data or install malware. This method is especially common during the holiday delivery surge, as scammers exploit the increased volume of packages to go unnoticed.

Red Flags to Spot:

Red Flag	Description
Peeling Edges	The sticker may lift at the edges, revealing the original QR code underneath.
Misaligned Codes	The fraudulent QR code might appear off-center or distorted compared to the original.
Paper Quality	Fake codes are often printed on plain paper and taped over professional signage.
Multiple Stickers	More than one QR code in the same spot or overlapping stickers may indicate tampering.
Urgent requests from family	Be cautious if you receive urgent financial help requests via QR codes, as scammers can use deepfake technology to impersonate family members during the holidays.

Being vigilant for these signs helps prevent falling victim to fake delivery scams and other holiday scams involving QR codes.

The Golden Rule: Verify Before You Pay

The most effective way to avoid QR code scams is to double-check the payment recipient before completing any transaction. This simple step can protect you from financial loss, identity theft, and unauthorized access to your financial information.

Verification Tips:

• Confirm Recipient Name: When you scan QR codes using payment apps like GCash, Maya, GrabPay, or ShopeePay, the app will display the recipient’s name or account ID. If the name doesn’t match the vendor’s, such as seeing a generic username instead of the business name, stop the transaction.
• Use the 3-Second Check: Take a brief pause before paying to ensure the details on your screen match what you expect.
• Ask the Vendor: Politely ask, “Does this show your business name on your app? ” to add a human verification layer.
• Never Provide Sensitive Information: Never provide sensitive information (such as passwords, PINs, or credit card details) when accessing sites via QR codes. A legitimate company will not request personal details through QR codes.

Scammers may also impersonate tech support and request remote access to your device, claiming to be from a legitimate company. Remember, a legitimate company will never ask for remote access or sensitive information without proper verification.

Fostering a culture of security and privacy awareness is a collective endeavor that requires the active participation of every individual within an organization. — SGV & Co. Partners

Pro-Tips for Avoiding Holiday Scams for Savvy Shoppers

To further protect yourself during the holiday shopping season, keep these expert tips in mind:

• The Tactile Test: Feel the QR code surface. If it feels like a raised sticker instead of a flat print, it may be a fake QR code.
• Use Built-in Scanners: Avoid third-party QR scanner apps that may lack security features. Use your phone’s native camera or official payment app scanners, which often include protections against phishing messages.
• Inspect URLs: After scanning, if redirected to a website, carefully check the URL for misspellings, suspicious domain names, or missing https://. Never enter sensitive information on questionable sites.
• Avoid Public Wi-Fi: Don’t scan QR codes linked to payments while on unsecured public Wi-Fi. Use a VPN or wait for a secure network to prevent interception of your personal details.
• Beware of Unbelievable Deals: Scammers use fake ads and offers that seem too good to be true to lure victims. Verify such promotions through official channels or trusted retailers.
• Scan Attachments: Always scan attachments in holiday emails with antivirus software before opening them. This helps prevent malware or ransomware attacks that can be hidden in files like e-cards.
• Download Apps Safely: Never download apps from QR codes. Legitimate apps should only be downloaded directly from official stores like the Apple App Store or Google Play Store to avoid malicious software.
• Use Secure Payment Methods: When shopping online, use secure payment methods like credit cards. This offers better fraud protection and helps safeguard your credit card information from travel and booking scams.
• Be Aware of Ransomware Attacks: Ransomware attacks are on the rise, especially during the holidays. Protect yourself by following safe scanning practices, keeping backups, and maintaining strong email security.

By following these tips, you can scan safely, avoiding QR code scams this Christmas.

Advice for Small Vendors: Defend Your Customers

Vendors are key to protecting holiday shoppers from QR code scams. Here are practical steps to secure your payment systems:

• Regularly Inspect QR Codes: Check your QR code frequently for any signs of tampering or sticker overlays.
• Lamination and Framing: Protect QR codes by laminating or framing them, making it harder for scammers to place fraudulent stickers.
• Strategic Placement: Position QR codes near the register or within your direct line of sight to monitor them effectively.
• Staff Training: Educate your team on spotting suspicious QR codes and guiding customers to scan QR codes safely.
• Leverage Predictive Analytics: Use predictive analytics and AI-powered tools to forecast demand and manage inventory efficiently during the holiday season.
• Prevent Unauthorized Access: Secure your systems against unauthorized access, especially during busy periods, by updating passwords, enabling multi-factor authentication, and monitoring for unusual activity.

Essential Safe Online Shopping Practices for Holiday Shoppers

The holiday season brings a surge in online shopping as people search for the perfect gifts and best deals from the comfort of their homes. However, this convenience also attracts cyber criminals who employ tactics like phishing emails, fake ads, and fraudulent QR codes to deceive unsuspecting shoppers. To protect your sensitive information while shopping online, it’s important to follow these key practices.

1. Shop Only with Trusted Retailers

Always make purchases from reputable retailers. Look for websites that begin with “https://” and display a lock icon in the address bar, indicating a secure connection. Be wary of deals or offers that seem too good to be true, as these are often traps set by scammers to capture your payment information on malicious sites.

2. Avoid Clicking Unknown Links or Scanning Suspicious QR Codes

Never click on links or scan QR codes from unknown or unsolicited emails, social media ads, or messages. Such links often lead to phishing sites designed to steal your personal details. Stick to scanning QR codes only from trusted sources and official communications.

3. Strengthen Your Account Security

Protect your online accounts by using strong, unique passwords and enabling multi-factor authentication (MFA) wherever possible. MFA adds an extra layer of security, making it much harder for scammers to gain unauthorized access even if your password is compromised.

4. Keep Your Devices Secure

Ensure your antivirus software is up to date to detect and block potential threats before they can cause harm. Additionally, avoid shopping online while connected to public Wi-Fi networks, as these can be vulnerable points where cyber criminals intercept your financial information. Use a secure, private connection or a trusted VPN when shopping online.

By staying vigilant and adhering to these safe online shopping practices, you can enjoy the holiday shopping season with confidence, reducing the risk of falling victim to QR code phishing, fake ads, and other holiday scams.

Staying Safe from Fake Delivery Scams This Festive Season

Understanding Fake Delivery Scams

As the holiday season ramps up, so does the risk of fake delivery scams. With the surge in online shopping, cyber criminals exploit this opportunity by sending phishing emails and text messages that appear to be from legitimate delivery companies. These messages often contain links or QR codes that, when clicked or scanned, redirect you to fraudulent websites designed to steal your personal details, banking information, or payment details.

How to Recognize Fake Delivery Notifications

Fake delivery notifications can be very convincing. They may mimic the branding and language of well-known courier services like LBC Express, Lalamove, GrabExpress, or 2GO, creating a sense of urgency to prompt immediate action. However, there are key signs to watch for:

• Unexpected messages about deliveries you did not order.
• Requests to click on links or scan QR codes for package tracking or payment.
• Poor spelling or grammar in the message.
• Contact information that does not match the official company’s website.

Steps to Protect Yourself

To safeguard against these scams, always exercise caution when receiving delivery notifications:

• Verify Directly: Contact the delivery company using contact details found on their official website, not those provided in the suspicious message.
• Avoid Clicking Links or Scanning QR Codes: Do not interact with links or QR codes from unknown or unexpected sources.
• Never Share Sensitive Information: Legitimate companies will never ask for credit card numbers, bank account details, or passwords via email or text.
• Monitor Financial Statements: Keep a close eye on your bank and credit card statements for any unusual or unauthorized transactions. Report suspicious activity immediately to your financial institution.

Research Before You Donate or Purchase

The festive season often inspires generosity, but scammers also take advantage of this spirit by creating fake charities or fraudulent companies. Before making any donations or purchases:

• Check the reputation of charities and businesses through trusted sources.
• Look for any warnings, complaints, or alerts to ensure you are dealing with legitimate organizations.

Shopper’s Fake QR Codes Safety Checklist

Action	Why It Matters
Verify the recipient’s name on the app	Ensures payment goes to the correct vendor
Run finger over QR code	Detects sticker overlays
Use the native camera or payment app	Reduces risk from malicious scanner apps
Check the URL carefully	Avoids phishing websites
Scan only trusted QR codes	Prevents redirection to malicious sites
Ask the vendor to confirm	Adds human verification
Avoid public Wi-Fi when scanning	Protects sensitive data from interception

By following these steps, holiday shoppers can confidently embrace the convenience of digital payments without risking exposure to phishing emails, fake delivery scams, or other holiday scams involving QR codes.

Staying Vigilant and Spreading Awareness

Remaining vigilant is key to avoiding falling victim to fake QR code scams. Take the time to double-check any suspicious messages before acting on them. Additionally, help protect your family members and friends by sharing information about these scams and encouraging them to follow safe practices during the holiday season. You can enjoy a safer and more secure holiday shopping experience, free from the risks posed by fake delivery scams.

If you’ve encountered suspicious QR codes during your holiday shopping season, share this guide with fellow holiday shoppers. Let’s keep our communities safe in this digital age.

For more tips on how to check URLs and avoid similar scams, see HousingInteractive’s Fake QR Codes at Christmas Bazaars vlog and learn how to protect yourself this holiday season.