Santander warns of sinister way scammers are using QR codes to steal your bank details

Person scans QR code on phone

Scammers are even placing fake QR codes over genuine ones in public places

Jessica Sheldon

By Jessica Sheldon

Published: 05/01/2024

- 14:26

QR codes have become more and more common in today’s digital world

Santander has warned customers about a worrying way criminals are using QR codes to steal personal and bank details from members of the public.

The rise in QR codes, which stands for quick response, in everyday life, such as browsing menus, visiting a store’s website or paying for parking, has created an opportunity for cybercriminals to steal people’s identities or hack into their bank accounts, the bank said.

Among the tactics is a practice known as “QRshing”. A form of phishing, it uses QR codes to send users to a fake website which spreads malware or elicits confidential information.

Worryingly, cybercriminals have been purporting to be real companies and sending fake emails containing a QR code, prompting users to scan it.

Santander logo outside of bank branch

Santander said the rise of QR codes has created an opportunity for cybercriminals to steal people’s identities


“Then, they attempt to obtain information or spread virus-infected files,” Santander warned.

Genuine QR codes could also be replaced with false ones.

Santander said a “common scam” occurs by a fraudster sticking a false GR code over the top of an original one, such as those used in restaurants or street advertising.

The bank warned: “False QR codes can even be found on parking meters, linking to a credible but fake payment site to steal money or credit card information.”

Inverted QR code scams are also “gaining traction”.

First, scammers create a malicious code and use it as a presumed payment method, the bank said.

However, this code actually does the very opposite, by soliciting money from whoever who scanned it.

Santander said: “Instead of paying the merchant for an item or service, the malicious QR code makes the merchant pay the scammer.

“This type of scam is also used to steal personal information and bank details.”

Santander suggests people check a QR code in a public space hasn’t been tampered with or got a sticker placed on top of it, before scanning it.

Installing anti-virus software can help to verify original QR codes that don’t contain malicious links.

It’s also worth double-checking the preview of the QR code link which appears when scanning it.

Santander said: “Make sure the website address is legitimate. Look for a padlock symbol and an address that begins with “https://”. Only those URLs are secure."

The bank also urged people to "think twice" if the app or website asks for personal details, and to check it is authentic.

You may like