With pubs across Wales expected to be busy for England’s World Cup semi-final against Argentina on Wednesday, football fans are being warned about a scam that could drain thousands of pounds from their bank accounts.
Avi Chinn, Director of Growth and Strategy at Wealth Recovery Solicitors, a firm that helps people recover lost money from scams, has issued a warning over a scam tactic which he says can be common during events like the World Cup.
QR code phishing, or ‘quishing‘ he says, involves criminals printing their own QR code sticker and placing it directly over a genuine one. These stickers are placed on tables and menu stands in pubs, in the hopes they are scanned by unsuspecting customers looking to order food and drinks.
The phony QR code directs the victim to a website impersonating the real thing, where they are prompted to enter their personal and banking details.
“When people are relaxed and have enjoyed a few drinks, they can be less vigilant and more susceptible to scams like these,” says Avi. “Scammers pray on the fact that you’ll have your phone to hand, won’t want to miss any of the action and will be ordering food and drink to your table. People tend to trust QR codes and scan them quickly without much thought, but it is this speed that often means you’re overlooking where it is directing you.”
With this in mind, Avi has shared his top tips to avoid falling victim to QR code scams, during the World Cup action.
Inspect the QR code
If the QR code is printed directly onto the food and drink menu, or embedded directly onto the table, you can be pretty confident it’s the real deal. However, if the code is on a sticker that is stuck to the menu, menu stand or table surface, stop to consider if the same stickers are present on other tables. If the QR code sticker is peeling to reveal a printed code underneath, this is a surefire indication it’s not legitimate.
Check the URL
When you scan a QR code using your phone’s camera, you can preview the URL before opening the link. Check whether it matches the venue’s actual website or ordering platform before proceeding. If the URL is shortened, misspelled or doesn’t match the company you are dealing with, this can indicate you’re dealing with a phishing website rather than the real thing.
Assess the website
If you’ve scanned a QR code and clicked through to the pub’s supposed ordering page, take a moment to assess the webpage. Are there any obvious spelling or formatting errors, or does it include misaligned or low resolution images, as these can all be indicators that you’re with a phishing website.
Asking for unnecessary information
If you’re on the website, if the page asks you to sign in, create an account, or confirm personal details rather than simply showing the menu and a payment screen, this can be a red flag you’re on a phishing site. If it takes you to a plain form asking for card number, expiry, CVV, and your billing address, name, and date of birth rather than a secure payment page, then avoid proceeding.
Use a dedicated ordering app where possible
Many pub chains including Wetherspoon, Greene King and Marstons have their own dedicated app for ordering food and drink. Download the app directly from Apple’s App Store or Google Play Store if you’re uncertain on the legitimacy of a QR code.
| [donate] | Help keep news FREE for our readersSupporting your local community newspaper/online news outlet is crucial now more than ever. If you believe in independent journalism,then consider making a valuable contribution by making a one-time or monthly donation. We operate in rural areas where providing unbiased news can be challenging. |

















