QR codes exploited in hospitality sector

Loss adjuster QuestGates is warning hospitality businesses that the accelerated use of QR codes is making them vulnerable to criminals looking to steal data and money. The warning follows an industry-wide uptake of the codes to facilitate trading during the pandemic.

Will Gow, head of cyber and financial lines at QuestGates, said: “Because so many hospitality and event companies were under pressure to get trading again as quickly as possible as COVID restrictions eased, many of the companies supplying QR codes did not adequately consider protection measures. Given the relative ease of accessing and stealing customers’ data and bank account details, we’ve seen a rising trend over recent months in the number of compromises involving QR codes.”

He added: “Many businesses in the hospitality and events industries have integrated QR codes into their day-to-day operations, but unfortunately don’t realise how easy it is for a cyber criminal to replicate a code and simply stick a fake look-alike over the top of a physical code or hack a virtual code via a compromised unsecured site.

“When a customer unknowingly scans the fake code, they are re-routed to a convincing clone site and unwittingly provide all their personal details to the cyber criminals who can then parcel the data up and sell it on the Dark Web. This can be repeated hundreds of thousands of times across multiple customers due to the volume and speed of transactions, particularly at large scale events.”

    Share Story:


Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023

Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.