Go Phish! Week #15
Powered by Goldphish

Your weekly dose of scam-proofing in 3 minutes or less—no fluff, just the latest hacks, scams, phishing attacks, and cyber cons you actually need to know about.
🚨SCAM OF THE WEEK: NFC Tap-to-Pay Scams

Tap to pay. Tap to get robbed. Tap to feel like a modern idiot.
That’s the vibe with the latest scam trend targeting your contactless cards and devices.

What the hell is an NFC Tap-to-Pay Scam?
It’s when scammers exploit NFC (Near Field Communication) tech—aka the thing that lets you tap your phone, watch, or card to pay — in order to:
- Trick you into tapping and paying dodgy charges 
- Skim small payments without your consent 
- Direct you to malicious sites using sneaky NFC chips in posters or fake terminals 
The tech is convenient. And scammers love convenience.
How it works
 1️⃣ The fake terminal
A scammer holds out a legit-looking mobile reader (like the ones your coffee guy uses). You’re asked to “tap” to pay for something small, donate to a cause, or get a promo offer. Boom—payment goes straight to the scammer. 
 2️⃣ The sneaky scan
In crowded spaces—train stations, shopping malls, festivals—scammers may carry concealed readers, trying to get close enough to “ping” your wallet or phone. It’s rare, but not fiction. 
 3️⃣ The NFC trap
Criminals are embedding NFC tags in posters, fake signage, or even stickers. You tap to claim “free Wi-Fi” or join a “VIP list”—and instead get redirected to a fake payment site or malicious app. 
Why it works

✅ QR codes look official - and there’s no way to eyeball where they lead
✅ We’re conditioned to trust them in restaurants, public spaces, and emails
✅ Many sites they link to look identical to real ones
✅ Scammers know nobody types URLs anymore - we just scan and hope
Real-world examples
🔹 Austin, Texas (2022) – Over 100 fake QR codes placed on city parking meters. Drivers scanned them and entered card details into a scam payment site.
🔹 South Africa (2024) – QR code sent via WhatsApp claiming to be from DHL for parcel collection. Users scanned it and were prompted to “verify” with their bank login. Full account takeover followed.
🔹 London (2023) – QR codes on restaurant tables redirected diners to a spoofed menu that installed a fake “payment app” loaded with malware.
Red flags to look out for

🚩 QR code looks tampered with or like a sticker slapped on top
🚩 You’re asked to scan a QR code from an unsolicited email or text
🚩 You scan and get redirected to a strange domain or unexpected login screen
🚩 The page asks for card details, personal info, or logins for no clear reason
🚩 You’re pressured to scan urgently (“Offer expires in 10 minutes!”)
How not to get played

🛑 Don’t scan QR codes from strangers. That includes emails, posters, and sketchy texts.
🔍 Check the URL after scanning - before clicking through. Does it look suspicious? Exit immediately.
📱 Use a QR scanner app that previews the URL instead of auto-opening it.
🍽 In restaurants, ask staff to confirm the code if it looks dodgy.
📥 For deliveries, go directly to the official website or app instead of trusting a QR sent via message.
💳 Avoid entering payment info into any site you reached through a QR code - unless you’re 100% sure it’s legit.
🔥 ONE-LINER HOT TAKE
If you wouldn’t click on a sketchy link in your inbox, don’t blindly scan it off a lamppost.
That’s it for this week.
QR codes are like mushrooms - they pop up everywhere and some of them will kill you.
Catch you next time,
Dan & the Goldphish Team
📌 P.S. Know someone who scans every QR code like it’s a scratch card? Forward this before their next scan ends in tears, or tell them to subscribe below. 👇
