Skip to content

Palma de Mallorca

Palma de Mallorca
© Shutterstock / symbol image

Beware of scams: "QRishing" on Mallorca

Mallorca
Tourismus

The Spanish police are warning of a new scam on the Balearic Islands: Criminals are sticking fake codes over QR codes in restaurants and on parking machines to lure unsuspecting users to manipulated sites and steal sensitive data.

A quick glance at your smartphone, scan it once - and it can happen: What looks like a normal QR code on a restaurant wall or parking meter is increasingly turning out to be a trap. In Mallorca and other parts of Spain, the police are warning of a new form of fraud in which so-called "QRishing" attacks are becoming increasingly common, as Mallorca Magazine reports.

The perpetrators are relying on something that has long been part of our everyday lives: QR codes are used everywhere - when paying, ordering in a restaurant or parking. It is precisely this familiarity that makes them so attractive to fraudsters. They attach fake codes or paste over real ones so that users are redirected to fake websites unnoticed when scanning.

Similar pages deceive users

The sites often look confusingly similar to the real providers: same colors, same logos, same structure. Everything looks serious. In reality, however, it is about tapping into personal data - such as contact details or bank information. In some cases, even visiting such sites can be problematic if malware is loaded in the background.

What is particularly dangerous is that these manipulations take place exactly where nobody expects them: on vacation, when eating or when parking. Even a pasted-over QR code on a menu or at a parking machine is enough to lead users to a fake payment page. Anyone who enters their data there does not end up with the official provider, but with criminals.

Fake parking tickets and payment requests

The scam occurs in different variations. In addition to manipulated QR codes in public spaces, there are also fake parking tickets, emails or messages with scan requests and similar tricks at charging stations for electric cars. It's always about exploiting trust or creating pressure so that people act quickly without taking a closer look.

The success of this method is strongly linked to our behavior. QR codes have been firmly established in everyday life for several years now, and scanning them often happens automatically and without suspicion. It is precisely this routine that the perpetrators exploit. Unlike with traditional scam emails, the victim has to take action themselves - and often does not realize that they are falling into the trap.

How to recognize "QRishing"

The best way to protect yourself is to pay attention. If a QR code looks unusual, such as a sticker, or is attached at an angle, you should be careful. The Internet address that is displayed after scanning should also always be checked before entering anything. Deviations or unknown pages are a warning signal.

As a general rule, only use QR codes whose source is clearly recognizable. Particularly with codes from messages or e-mails, skepticism is advisable. Reputable providers do not request sensitive data in this way. In addition, the latest software, security updates and two-factor login increase protection.

How do victims react?

Anyone who is nevertheless affected should react quickly. Stop all entries immediately and inform the bank if any payment data is affected. Passwords should then be changed and the device checked. It also makes sense to report it to the police. Every report helps to better identify the perpetrators behind such attacks and prevent further cases.


The Falstaff Travel Editors
Author
Find out more
1 / 12