QR codes have become an increasingly common vehicle for digital fraud, with particular risk in public spaces and at payment points. The warning comes at a time when the system has become normal in restaurants, transport stations, and businesses, where scanning is already an everyday gesture.
Iskander Sánchez Rola, director of artificial intelligence and innovation at Norton, warns that scanning QR codes has spread in recent years, but that it has also become a new tool for fraud. The expert warns that cybercriminals have found in this format a discreet and effective way to redirect users to fake pages, steal personal data, or cause unauthorized charges.
A quick access that reduces warning signs
One of the main problems with this type of deception is that, unlike with traditional links, the user cannot see the web address before opening it. That lack of visibility reduces the ability to detect suspicious signs and increases the chances of falling into the trap.
Furthermore, the risk increases because the fraud does not require compromising complex systems: scanning a code is enough. That seemingly simple step can open the door to sensitive information if the user enters personal data or authorizes operations on a fraudulent website.
Fake codes placed over legitimate ones
One of the practices detected consists of covering authentic codes with fake ones placed on top of them in frequently used locations. The scenarios cited include restaurants, transport stations, and payment points, spaces where speed and routine work in favor of the deception.
The fraud can go unnoticed precisely because the code appears to be part of the environment. The user scans it trusting that it belongs to the establishment or the service, when in reality they may be redirected to a page designed to capture information or execute a charge.
Maximum caution recommended
Norton advises maintaining a preventive attitude. The main recommendation is to avoid scanning codes placed in public spaces or coming from unknown sources, especially when they are linked to payments, discounts, or promotions.
It also stresses checking any notice directly with the relevant company or institution before providing personal data or completing a transaction. Verifying through an official channel remains the most effective measure to reduce the risk posed by a fraud technique that takes advantage of trust and the immediacy of scanning.