QR codes are everywhere now, cafés, parking metres, event check-ins, gym sign-ins and local markets. They're quick, contactless and convenient, which is exactly why scammers love them too.
The scam is simple but effective. Fraudsters place a fake QR code sticker over a legitimate one in a public space. You scan it, thinking you're paying for parking or checking a menu, and instead you're taken to a convincing fake website designed to steal your personal or payment details. By the time you realise something is wrong, your information is already gone.
It sounds obvious when you know about it. But these fake codes are getting harder to spot, and even savvy people get caught out when they're in a hurry.
What to watch for
- A sticker QR code placed over a printed one, look for uneven edges, bubbling or anything that looks like it's been stuck on top
- URLs that look slightly off after scanning (e.g. nzta-pay.com instead of nzta.govt.nz)
- Any site that asks for payment or personal details when you weren't expecting it
- Poor design, spelling errors or urgent language on the page you land on
Before you scan
- Check the QR code hasn't been tampered with, give it a close look before pointing your camera at it
- Preview the URL before opening it, most phone cameras show the link before you tap through
- When in doubt, type the address directly into your browser instead
- If you're paying for parking, consider using the parking provider's official app instead
QR scams have been reported at parking metres in Auckland and Wellington, so it pays to take an extra second before you tap. A little caution goes a long way.
If you think you've been scammed, report it to CERT NZ at certnz.govt.nz or call your bank immediately if payment details were involved.
Comments
0 comments
Article is closed for comments.