What is quishing: The food and drink scam you need to be aware of this summer

• Fake QR codes risk scamming you out of money.
• Pub-goers need to remain vigilant this summer.
• Experts have detailed the tell-tale signs you could be about to scan a fake code.

Summer is finally here and what a start it has been so far. The latest heatwave is finally easing but we’ve already had plenty of excuses to head to the beer garden or for some alfresco dining.

However, next time you pop down to the pub or to a restaurant, you need to make sure you are on the lookout for a dangerous modern scam. The name quishing might make you chuckle a bit, but it is no laughing matter.

Signed up with NationalWorld Today yet? - Breaking news sent to your inbox.

Since the start of the pandemic at the beginning of the decade, we have seen a widespread adoption of QR codes - especially in pubs and restaurants. It has revolutionised the way we order food and drink.

But if you aren’t careful, scanning the wrong one could really put a damper on the summer. Here’s all you need to know:

What is quishing and how does it work?

The name might not be one you recognise quite yet, it is not among the most widely known scams. It is a portmanteau of QR and phishing - the later of which is the name for a common tactic used by fraudsters in the 21st century,

Cloudflare warns that quishing “is a cybersecurity threat in which attackers use QR codes to redirect victims to malicious websites or prompt them to download harmful content”. It adds: “The goal of this attack is to steal sensitive information, such as passwords, financial data, or personally identifiable information (PII), and use that information for other purposes, such as identity theft, financial fraud, or ransomware.”

How to avoid falling victim to quishing?

Marc Porcar, CEO of QR Code Generator, has shared his top tips for spotting ‘fake’ QR codes and what to do if you suspect one isn’t legitimate. He advises that you should inspect the QR code for signs that a fake has been placed over a pre-existing one.

Another sign to watch out for is peeling edges, weird bumps in the material and anything else that generally looks suspicious. If the corners of the sticker are peeling and it appears there is something underneath, this can be a sure-fire red flag.

If in doubt and if you have suspicions that your table’s QR code isn’t legitimate, it is always best to double check with a staff member before ordering.

Check the URL

When you scan a QR code, your phone allows you to preview the website’s link before you click to visit the site. Use your judgement to assess the website URL and whether it matches up with the establishment’s actual website.

Some scammers will set up a copycat website using a domain name that looks similar but is slightly different to the real thing. For example, the imposter URL could be ‘https://www.pubname.net’ when the genuine website is ‘https://www.pubname.co.uk’.

Also make sure that the website you are visiting on your mobile browser has a padlock symbol next to it, and that the URL begins with ‘https://’ rather than just ‘http://’. This ensures that the website is encrypted with a Secure Sockets Layer (SSL) certificate. Some phishing websites now also use SSL protection in an attempt to trick visitors, so this is a risk that should be taken into consideration when visiting the site.

Suspicious website content

If you click through to a website from a QR code and the webpage content looks unusual or things feel out of place, this can be a sign you are not ordering through a legitimate channel.

Some tell-tale signs that you are on a phishing website include spelling mistakes, lack of correct capitalisation, text being misaligned, and logos and graphics appearing pixelated or out of date.

Asking for too much personal information

When paying online, establishments should only require your email address to provide confirmation of your order, your card number, its expiry date and the last three digits on the back of your card (CVV/CVC). If the site is asking for additional information such as your home address, phone number or even your card’s pin number, this can be a sign that it isn’t legitimate.

Offers too good to be true

Websites that offer things such as free money or products could be an indication that the QR code is not legitimate. If you scan a code and are confronted with deals that seem too good to be true, they probably are.

Check whether there is a dedicated ordering app

Many chain bars and pubs, such as Greene King and Wetherspoons, have their own dedicated app for ordering food and drink to your table. Where possible go through the establishment’s official website, which will redirect you to their self-order app from the Apple or Google Play store. If you scan a QR code and it doesn’t redirect you to the app, you could be dealing with a phishing website.

Marc Porcar, CEO of QR Code Generator, added: “The Euros are a fantastic opportunity for people to come together to cheer on their national team. Unfortunately, scammers see these events as an opportunity to take advantage of people, especially those who have been drinking and may be less vigilant than usual.

“It’s important that people continue to exercise caution when scanning QR codes, to prevent falling victim to this type of phishing scam.”

Have you had a run in with a fake QR code? Share your experience in the comments below or by emailing me: [email protected].