FOOTBALL fans flocking to pubs to enjoy the Euros 2024 should be on high-alert for credit card scams, experts have warned.
There has been an uptick in fake QR codes being pasted over real ones on pub tables and posters, disguised as self-order check points.
Fraudsters often disguise malicious apps and websites as legitimate onesCredit: GettyPubgoers may think they're ordering a round - but they might actually be punching their credit card information into a malicious website, set up by cyber crooks.
"Unfortunately we’ve seen a rise in scams ever since self-ordering became the norm during the pandemic," explained John Clark, Product Manager at Takepayments, a company that aims to make online payments safer.
With QR codes now ubiquitous with everyday life, Clark noted there had been a "rise in scammers installing fake QR codes to trick customers into sharing their credit card details".
Widow brings pillow with late husband's face on it to pub every New Year's EveCiting a study by cybersecurity firm Hoxhunt, Clark added that "22 per cent of phishing attacks involve QR codes, so it's important to stay vigilant".
Clark reckons scammers will be looking to prey on the Euros 2024 frenzy to catch out distracted Brits.
Fortunately, there are four sure-fire ways to spot a fraudulent QR code.
Check for certification
Once you've scanned the code with your iPhone or Android, it should take you to a website.
The website you're directed to should "always" be Secure Socket Layer (SSL) certified, according to Clark.
An SSL-certified site has a web address starting with “https://”.
There will also be a padlock icon next to the URL.
"You should also check that the name of the website you're directed to matches the business," Clark continued.
Eye the branding
One way to spot any scam - be it a dodgy app, fake website or risky QR code - is if there are inconsistencies with the branding.
If the branding or logo appears to be different or there are suspicious elements on the code itself, such as if it looks like it has been stuck over another code, it could be a sign that the QR code may not have been made by the business.
Gangsters ‘call for ceasefire’ after deadly Christmas Eve pub shooting John Clark, Product Manager at Takepayments
Fraudsters often disguise malicious apps and websites as legitimate ones.
But the design of a QR code should match the business’s branding.
"If the branding or logo appears to be different or there are suspicious elements on the code itself, such as if it looks like it has been stuck over another code, it could be a sign that the QR code may not have been made by the business," said Clark.
Is it authenticated?
Strong Customer Authentication (SCA) compliance is a legal requirement on all websites that take online payments.
This means a bank carries out checks to confirm a customer’s identity during the transaction.
"You can spot SCA-compliant websites if they ask you for two levels of authentication when making a purchase," Clark explained.
These can be two of three things, according to Barcleycard:
- Something you know (e.g. PIN)
- Something you have (e.g. Card/phone)
- Something you are (e.g. fingerprint)
In this case, you should be asked to use two of these to green-light a purchase.
Make it official
The pub, if it's part of a chain like Greene King or Fuller's, most likely has its own, official app through which you can order drinks and food.
"If the pub you're at are making use of a specific payment platform app or have their own app, consider downloading this directing from your app store instead of using the QR code provided," Clark concluded.
That way, you know for sure you're handing cash to the pub - and not a nameless, faceless scammer.