Do YOU live in a scam hotspot? Exclusive map reveals the biggest targets in the UK for online hackers

a pair of hands typing on a laptop in a dimly lit room with an inset image of a heat map of the UK with the areas of highest fraud pictured

McAfee research has revealed the hotspots across the UK where you're most likely to find yourself caught in an online scam, with Quishing one of the fastest growing trends for online fraudsters

Aaron Brown

By Aaron Brown

Published: 10/04/2024

- 12:31

Updated: 10/04/2024

- 12:39

1 in 5 people in London have fallen prey to online scams in the last year

Thousands of Britons are targeted by online fraudsters every single day — and the average victim loses as much as £325 to the scammers. But does your current postcode increase your likeliness of being scammed?

One unintended consequence of the nationwide lockdowns used throughout the Covid-19 pandemic was the explosion in online crime as criminals were forced to find ways to target people who spent the vast majority of their time at home.

And the rise in online scams shows no sign of stopping. Research from BDO, the fifth-largest accounting network on the planet, shows that fraud cost the UK an eye-watering £2.3 billion last year — more than double the figure from 2022 and the second-highest annual total recorded by BDO in two decades.

Security experts McAfee have published new research that shows exactly where in the UK these online crimes are taking place. And those living in the capital should be on high alert.

According to a study conducted by anti-virus firm McAfee in partnership with Censuswide, 18% of people living in London have fallen for an online scam in the last year, making the city a prime target for scammers.

mcafee map showing the hotspots for online scams across the uk

McAfee research has revealed the hotspots across the UK where you're most likely to be hit with an online scam


Bristol, which is roughly the sixth most populous city in the UK, came in second place for scams with 16% and Southampton clinched the final podium position with 14% of people falling for scams. Southhampton isn't even in the top 20 when it comes to population levels for UK cities, so this isn't simply a numbers game.

McAfee also looked into the safest cities in the UK, with the fewest number of people who have been tricked into online scams within the last year. Norwich had the fewest victims of online crime, with a minuscule 2% of its population falling prey to online hackers, followed by Belfast (3%) and Glasgow (4%).

Online scams take many forms, but one of the fastest-growing trends involves fake QR codes, security researchers at McAfee have warned.

According to the survey conducted by McAfee, over a fifth (21%) of all online scams in the UK could have originated from a QR code, with the average amount lost totalling £325.

Known as Quishing, this QR code-based scam has surged in recent months.

McAfee researchers found 100,000 examples targeting people in the UK via email alone. The sheer volume suggests a sophisticated Artificial Intelligence (AI) could be behind the renewed push, they tell us.



How many have fallen for scams

















































QR codes have existed since the mid-90s, but exploded in popularity during the Covid-19 pandemic when restaurants, shops, and pubs wanted to prevent customers from sharing printed menus and other physical items. Developed by Japanese firm Denso Wave — a division of Denso, which is a subsidiary of automobile giant Toyota — to track parts during the car assembly process.

The pattern that makes up a QR code can house a surprising amount of information — up to 4,000 characters of text, as it turns out. This can be used to direct users to URLs, phone numbers, PDF documents, or kickstart a download from the Apple App Store or Google Play Store.

QR codes are sometimes used to authenticate online accounts and verify login details. When launching a new session on WhatsApp Web, iPhone and Android users will need to scan a QR code on their laptop or desktop PC to verify they're the account owner.

Person scans QR code on phoneScammers are even placing fake QR codes over genuine ones in public places GETTY

They are also found in airports, car parks, train stations, on posters and billboards. Stickers with fraudulent QR codes have been placed over legitimate ones by scammers to steal money from unsuspecting victims. One victim in Thornaby, north-east England lost £13,000 to scammers who used this exact method last year. Rail firm TransPennine Express removed all QR codes from its car parks following reports of the scams

Cybercriminals exploit the ease of use of QR codes, using doctored links that pose as legitimate websites in the hopes you’ll follow them to a malicious site designed to trick you into making a payment, handing over your personal or financial information or installing malware on your device.

With the help of AI, these phishing sites are becoming even more compelling and believable.

Speaking about the results of the research, Head of EMEA at McAfee, Vonny Gamot told us: "While our research shows that Londoners are more likely to fall for scams, it doesn’t mean that people from other places and regions are immune. Plus, with a recent rise in malicious QR code scams, which are inherently difficult to spot, and the fact that over a fifth of all scams could have originated this way, it’s critical that we all take a moment to review our online safety.

“Being aware of the latest scams, such as Quishing, is an important step in protecting your privacy and identity online, but it’s also wise to be cautious of any requests for information or money. Take a close look at URL previews that appear after scanning a QR code and if something seems off, don’t follow it. Always go direct to the source and always use a known and trusted payment method.”

Recent research by NordVPN showed that Gen Z and Millennials are the most avid users of QR codes among all age groups. A third (31.5%) of individuals aged 18 to 34 use QR codes to access public Wi-Fi. Meanwhile, 28% of those aged between 18 and 24 express a preference for QR codes over physical menus in restaurants and pubs.

How to avoid QR code scams:

  1. Be sceptical of QR codes from unknown sources, including emails and social media messages
  2. Take a close look at the link that appears after scanning a QR code, as scammers often alter addresses to mimic legitimate websites with just a few characters difference
  3. Exercise caution when scanning shortened links, especially in unsolicited communications
  4. Pay attention to signs of tampering or suspicious placement of QR codes in physical spaces
  5. Use the native QR code reader on your smartphone, like the built-in camera app on iPhone and Google Lens mode on Android, instead of third-party apps, which could pose additional security risks
  6. Refrain from making payments using QR codes and opt for trusted payment methods instead

You may like