Stay updated with the latest Cybersecurity News on our TecnetBlog.

QR Code Scam Targets Colombian Users

Written by Muriel de Juan Lara | Oct 21, 2025 1:00:04 PM

In recent years, Colombia has seen an exponential rise in digital payments and QR code transactions. What began as a practical, contactless solution during the pandemic has now become the perfect stage for a new wave of digital fraud.

Thousands of users — especially in cities like Bogotá and Medellín — have fallen victim to scams using fake QR codes placed in public spaces and shops, sparking serious concern among authorities and cybersecurity experts.

 

How the QR Code Scam Works

 

The scam, known as “QR swapping”, relies on a simple but highly effective trick.

Criminals print fake QR stickers and place them over the legitimate ones used for digital payments in cafes, restaurants, and stores.

At first glance, the code looks authentic. But when scanned, it redirects users not to their bank or payment app, but to a phishing site that mimics trusted platforms.

Once there, scammers can steal personal information such as:

 

  1. Full name and ID number

 

  1. Bank account details

 

  1. Access credentials

 

  1. Or even install malware to spy on or control the victim’s phone.

 

The method went viral after TikTok user @conmari.narvaez warned:

“You think you’re paying for a coffee, and seconds later your account is empty. Scammers place fake stickers on top of real codes, and when you scan them, you’re redirected to cloned pages that steal your data.”

 

The Rise of Digital Payments — and of Fraud

 

QR payments skyrocketed postpandemic.

Over 60% of Colombian businesses now accept QR codes through platforms like Nequi, Daviplata, Bancolombia, and Wompi.

However, the same accessibility that made them popular also makes them vulnerable.

According to Colombia’s Cyber Police, more than 25,000 cybercrime reports were filed in 2025 — nearly 12,000 linked to digital theft.

Many victims only realize they’ve been scammed when they detect unauthorized transactions in their accounts.

 

Learn more: WhatsApp Launches New Security Feature to Curb Scams

 

A Blend of Physical and Digital Manipulation

 

This scam uniquely combines social engineering with physical tampering.

Fraudsters scout locations where QR codes are visibly displayed and replace them with counterfeit stickers.

These fake codes often lead to convincing phishing pages asking for mobile numbers, PINs, or bank credentials.

What appears to be a normal transaction becomes a gateway for data theft or malware installation.

In some cases, malicious links trigger automatic downloads that infect the device, allowing attackers remote access to passwords, contacts, and digital wallets.

 

StepbyStep: How the Scam Unfolds

 

  1. You scan a QR code at a café or store.

 

  1. The code redirects to a fake banking or payment site.

 

  1. You enter your login details to “complete the payment.”

 

  1. Scammers capture your data and drain your account.

 

  1. In some cases, malware is silently installed on your phone.

 

How to Spot a Fake QR Code

 

While spotting a tampered code isn’t easy, these signs can help:

 

  1. Suspicious stickers: Poorly placed or lowquality labels could mean it was replaced.

 

  1. Unfamiliar URLs: Always check the link before opening it. If it’s not your bank’s domain, stop.

 

  1. No security certificate: Make sure the website starts with “https://” and shows the padlock icon.

 

  1. Urgent or promotional messages: Avoid scanning codes offering instant discounts or prizes.

 

  1. Public exposure: Be wary of codes on tables or walls that could easily be swapped.

 

How to Protect Yourself

 

At TecnetOne, we recommend these key steps:

 

  1. Inspect before scanning. Look for signs of tampering.

 

  1. Use official banking apps. Avoid scanning directly from your camera.

 

  1. Verify the URL before entering any credentials.

 

  1. Keep your device updated to patch security vulnerabilities.

 

  1. Avoid public Wi‑Fi when making digital payments.

 

  1. Ignore unsolicited QR messages or emails.

 

  1. Monitor your accounts and enable realtime alerts for suspicious activity.

 

What to Do If You’ve Been Scammed

 

If you think you’ve scanned a fake QR or spotted unauthorized transactions:

 

  1. Contact your bank immediately and block your accounts or cards.

 

  1. Change all your passwords, especially for online banking.

 

  1. Run a malware scan with updated antivirus software.

 

  1. Report the incident to Colombia’s Cyber Police via CAI Virtual or the 123 hotline.

 

The faster you act, the less damage you’ll suffer.

 

Read more: New Scam Impersonates Netflix to Steal Your Data

 

The Importance of Cyber Awareness

 

This Colombian case highlights a broader issue — the careless use of technology.

QR codes are practical tools, but without verification, they become open doors for cybercriminals.

At TecnetOne, we emphasize that cybersecurity begins with daily habits.

A few seconds of caution — checking links, distrusting unknown codes, and staying informed — can prevent digital theft.

 

In Summary

 

QR codes were designed to make life easier, but scammers have turned them into traps.

With awareness and vigilance, you can still enjoy contactless payments without risking your data.

At TecnetOne, we encourage everyone to stay alert and foster a culture of digital security awareness — because prevention remains the best protection.

 
View full post