PROJECT: QR CODE SWAPPING SCAMS

PLEASE SHARE THIS PUBLIC DOCUMENT

As digital payments and contactless services become more common in South Africa, criminals are increasingly exploiting

QR code technology to commit sophisticated forms of fraud. This tactic, often referred to as “QRishing” or “QR code swapping,” involves replacing legitimate QR codes—such as those used for payments, parking, or business check-ins—with fraudulent ones that redirect users to fake websites or malicious payment portals.

Once scanned, these codes can steal sensitive information, divert funds to criminal accounts, or install malware on the user’s device. Both individuals and businesses are vulnerable to this form of deception, which is difficult to detect at a glance and spreading rapidly across both physical and digital platforms.

HOW CRIMINALS OPERATE FAKE QR CODE SCAMS:

• QR CODE SWAPPING:

  • Criminals create fake QR codes, often in sticker format, and place them over legitimate QR codes in public places or on payment terminals.

  • When an unsuspecting person scans the fake QR code, they are directed to a fraudulent website or payment portal controlled by the criminals.

• MALICIOUS WEBSITES:

  • These fake QR codes often link to websites that mimic legitimate payment pages or banking sites.

  • The victim enters their payment details or login credentials, which the criminals harvest.

• MALWARE DISTRIBUTION:

  • Some fake QR codes can directly download malware onto the victim's device without their knowledge.

  • This malware can steal personal information, track online activity, or even grant remote access to the device to criminals.

• PHISHING CAMPAIGNS:

  • Criminals may embed malicious QR codes in emails or text messages, enticing recipients to scan them under false pretences, such as fake promotions, delivery notifications, or account security alerts.

• PUBLIC SPACE MANIPULATION:

  • Fake QR codes can be found in various public locations, including parking meters, restaurant menus, posters, and public transport systems, making them easily accessible to a large number of potential victims.

MOST VULNERABLE TYPES OF TRANSACTIONS:

• SMALL RETAIL PAYMENTS:

  • Transactions at informal traders, markets, or smaller shops, where payment processes might be less rigorously monitored.

• PARKING PAYMENTS:

  • Fake QR codes placed on parking meters are a known tactic for stealing payment information.

• RESTAURANT AND HOSPITALITY PAYMENTS:

  • Scammers may place fake QR codes on tables or menus for payment purposes.

• DONATIONS:

  • QR codes for charitable donations in public places could be replaced with fraudulent ones.

• TRANSPORT PAYMENTS:

  • Ticketing systems or payment points in public transport can be targeted.

HOW TO CHECK BEFORE SCANNING:

• VISUALLY INSPECT THE QR CODE:

  • Look closely for any signs of tampering, such as stickers placed over existing codes, uneven edges, or damage to the code.

• VERIFY THE SOURCE:

  • Ensure the QR code originates from a trusted and known source.

  • If it is a payment QR code, confirm with the vendor that it is the correct one.

• CHECK THE URL PREVIEW:

  • Most smartphones will show a preview of the URL after scanning the QR code but before opening it.

  • Carefully examine the URL for any misspellings, unusual characters, or domain names that do not match the expected entity.

  • Secure websites should start with "https://" and have a padlock icon.

• BE CAUTIOUS IN PUBLIC PLACES:

  • Exercise extra caution when scanning QR codes in public areas, as they may have been tampered with.

• AVOID SCANNING UNSOLICITED QR CODES:

  • Be wary of QR codes received via email, SMS, or social media from unknown or suspicious senders.

• CONFIRM PAYMENT DETAILS:

  • Double-check the beneficiary details on your banking app before finalising the transaction if the QR code is for payment.

• USE A REPUTABLE QR SCANNER APP:

  • Some scanner apps have built-in security features that can detect malicious URLs.

  • Ensure your app is from a trusted developer and regularly updated.

• BE SCEPTICAL OF URGENT REQUESTS:

  • Scammers often use a sense of urgency to pressure victims into scanning QR codes without thinking.

  • Be wary of any QR code with an urgent call to action.

ADDITIONAL SAFETY MEASURES:

• ENABLE MULTI-FACTOR AUTHENTICATION:

  • For your banking and other sensitive accounts, enable multi-factor authentication to add an extra layer of security.

• KEEP YOUR DEVICES UPDATED:

  • Ensure your smartphone's operating system and security software are up to date to protect against malware.

• INSTALL SECURITY SOFTWARE:

  • Consider installing reputable antivirus and anti-malware software on your mobile device.

• BE CAUTIOUS WITH PERSONAL INFORMATION:

  • Never enter sensitive personal or financial information on a website through a QR code unless you know its legitimacy.

• MONITOR YOUR ACCOUNTS:

  • Regularly check your bank and other accounts for unauthorised transactions.

• REPORT SUSPICIOUS ACTIVITY:

  • If you encounter a suspicious QR code or believe you have been a victim of a QR code scam, report it to your bank and the South African Police Service (SAPS).

• EDUCATE YOURSELF AND OTHERS:

  • Stay informed about the latest scam tactics and share this information with friends and family to raise awareness.

The abuse of QR code technology for fraudulent purposes is a rapidly growing threat in South Africa’s already challenging cybersecurity environment. According to Interpol and local cybercrime units, scammers are increasingly targeting small businesses, retail customers, and digital banking users through the manipulation of QR codes. Because QR codes are easy to reproduce and difficult to visually verify, they offer a low-effort, high-reward method for criminals to deceive the public.

With over R740 million reported lost to digital banking scams in South Africa in 2022 (SABRIC), this emerging form of fraud highlights the urgent need for increased public awareness, digital hygiene, and strict vetting of payment and communication systems. In the digital age, caution before convenience could mean the difference between staying safe or being scammed.

RELEVANT PREVIOUS PROJECTS:

• https://www.mikebolhuis.co.za/post/project-quishing-scams

• https://www.mikebolhuis.co.za/post/project-the-dangers-of-qr-code-scams-qruishing

• https://mailchi.mp/mikebolhuis.co.za/project-the-dangers-of-qr-code-scams-quishing

Specialised Security Services invites the public to the Mike Bolhuis Daily Projects WhatsApp Channel.

This channel is important in delivering insights into the latest crime trends, awareness, warnings and the exposure of criminals.

How to Join the WhatsApp Channel:

1. Make sure you have the latest version of WhatsApp on your device.

2. Click on the link below to join the Mike Bolhuis Daily Projects WhatsApp Channel:

- https://whatsapp.com/channel/0029VarjftF8PgsI4pODE929

3. Follow the prompts to join the channel.

4. Make sure you click on "Follow", then click on the "bell"-icon (🔔)

CONTACT MR MIKE BOLHUIS FOR SAFETY AND SECURITY MEASURES, PROTECTION, OR AN INVESTIGATION IF NEEDED.

ALL INFORMATION RECEIVED WILL BE TREATED IN THE STRICTEST CONFIDENTIALITY AND EVERY IDENTITY WILL BE PROTECTED.

Regards,

Mike Bolhuis

Specialist Investigators into

Serious Violent, Serious Economic Crimes & Serious Cybercrimes

PSIRA Reg. 1590364/421949

Mobile: +27 82 447 6116

E-mail: mike@mikebolhuis.co.za

Fax: 086 585 4924

Follow us on Facebook to view our projects -

https://www.facebook.com/MikeBolhuisOfficial

EXTREMELY IMPORTANT: All potential clients need to be aware that owing to the nature of our work as specialist investigators there are people who have been caught on the wrong side of the law - who are trying to discredit me - Mike Bolhuis and my organisation Specialised Security Services - to get themselves off the hook. This retaliation happens on social media and creates doubt about our integrity and ability. Doubt created on social media platforms is both unwarranted and untrue. We strongly recommend that you make up your minds concerning me and our organisation only after considering all the factual information - to the exclusion of hearsay and assumptions. Furthermore, you are welcome to address your concerns directly with me should you still be unsatisfied with your conclusions. While the internet provides a lot of valuable information, it is also a platform that distributes a lot of false information. The distribution of false information, fake news, slander and hate speech constitutes a crime that can be prosecuted by law. Your own research discretion and discernment are imperative when choosing what and what not to believe.

STANDARD RULES APPLY: Upon appointment, we require a formal mandate with detailed instructions. Please take note that should you not make use of our services – you may not under any circumstance use my name or the name of my organisation as a means to achieve whatever end.

POPI ACT 4 of 2013 South Africa: Mike Bolhuis' "Specialised Security Services" falls under Section 6 of the act. Read more here: https://mikebh.link/fntdpv

SSS TASK TEAM:

https://mikebh.link/2fkmx6

Copyright © 2015- PRESENT | Mike Bolhuis Specialised Security Services | All rights reserved.

Our mailing address is:

Mike Bolhuis Specialised Security Services

PO Box 15075 Lynn East

Pretoria, Gauteng 0039

South Africa

Add us to your address book

THIS PUBLIC DOCUMENT WAS INTENDED TO BE SHARED, PLEASE DO SO.