Visual Scams and How to Outsmart Them

QR Codes, CAPTCHAs, and Screenshots: The Visual Side of Scams

📝 Introduction

Today we explore a lesser-known side of digital trickery: image-based scams. From innocent-looking QR codes to fake CAPTCHAs and doctored screenshots, scammers are using visuals to bypass filters and fool users. These techniques are growing more common, and it’s important to recognize the signs.

This post follows on from our previous sessions on URLs, phishing, and social engineering. Here, we focus on how images are used as traps rather than just decorations.

📅 Part 1: QR Codes — Scan with Caution

What is a QR Code?

A Quick Response (QR) code is a square barcode that encodes information, usually a URL. Scanning one with your phone’s camera can take you straight to a website.

The Risk:

Scammers can embed malicious links in QR codes:

  • Fake login pages
  • Payment scams
  • Malware downloads
  • Wi-Fi spoofing

Real Example:

A parking meter has a QR code sticker that leads to a fake payment site.

Safety Tips:

  • Use a QR scanner app that lets you examine the code before taking action. On many phones, including the Pixel 7, the built-in camera might not recognize QR codes automatically. Apps like Google Lens can help, but they might show only part of a URL, especially on narrow screens. What you need is a scanner app that reveals the entire URL in clear text before opening it. Avoid any app that immediately opens a link without letting you inspect it. As of May 2025, the Trend Micro QR Scanner is a well-reviewed and trusted choice.
  • Preview the link before visiting (your phone should show the URL).
  • Check the source: Is the QR code official, printed, or stuck on?

Try It:

We will generate a safe QR code in class and explore what happens when scanned. This can be done using any number of free QR code generator websites (e.g., https://www.qr-code-generator.com/ or https://www.the-qrcode-generator.com/). You simply type or copy a URL (like https://u3aboxhill.com.au/wp/courses/course-resources/tech-cafe/) into the tool, and it generates a square image you can save or display. When scanned, the code leads directly to the intended site. We’ll try this together using a known safe URL, and inspect what the scanner shows before visiting the site.

🔒 Part 2: CAPTCHA Confusion

What is a CAPTCHA?

CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.” It usually shows distorted text or images you have to interpret.

The Risk:

Scammers fake CAPTCHAs to:

  • Distract users while malware loads in the background
  • Trick you into thinking a site is safe or official
  • Gather input as part of a scam form

Real Example:

A pop-up shows a “Verify you’re human” screen, but clicking it starts a download.

Safety Tips:

  • Real CAPTCHAs appear on trusted sites, not out of the blue.
  • Avoid clicking verify buttons on unknown websites.
  • Watch for full-screen overlays that feel out of place.

📷 Part 3: Screenshots and Visual Forgeries

What is the Trick?

Screenshots can be edited to:

  • Fake a bank transfer or PayPal confirmation
  • Show altered chat messages
  • Display spoofed website logins or account details

These can be used to pressure or manipulate someone.

Real Example:

“I sent the money, here’s proof” — but it’s a Photoshopped screenshot.

Safety Tips:

  • Ask for confirmation from your bank, not just a picture.
  • Don’t trust images as sole proof of transactions.
  • Look for subtle clues: inconsistent fonts, fuzzy edges, cropped details.

Try It:

We’ll look at an example of how text can be faked using screenshots. Here’s a simple message:

Original text:

 

I transferred the $0.50 this morning. Let me know once it arrives.


Now imagine someone takes a screenshot of that message and alters it:

Fake screenshot version:

This kind of visual forgery is difficult to detect without access to the original source. We’ll explore what visual clues (like spacing, alignment, or font irregularities) might give it away.

🛡️ Part 4: Reporting Scams — Why It Matters and How to Do It

Even the most tech-savvy individuals can fall victim to scams. Scammers continually adapt their tactics, making it challenging to stay ahead. However, by remaining vigilant and promptly reporting suspicious activities, we can collectively reduce the impact of these scams.

🚨 Why Reporting Is Important

Remember, there’s no shame in being scammed. Reporting is a proactive step towards combating cybercrime.Crime Stoppers Victoria

📝 How to Report Cybercrime in Victoria

By reporting scams, you contribute to a safer online community. Stay informed, stay cautious, and don’t hesitate to seek help when needed.

⚡ Summary: Trust the Process, Not the Picture

Scams using images are powerful because they bypass logic and go straight to your visual trust system. They look legitimate, even when they’re not. Always:

  • Verify links and sources.
  • Use trusted apps and websites.
  • Ask questions if something feels wrong.

In today’s Tech Café we’ll demonstrate some of these tricks and how to spot them. Remember: if it looks too real, it might be fake.

🎓 Resources for Further Learning

Stay alert. Stay curious. See you next week!

About the image

CNN QRcode stupidity” by renaissancechambara is licensed under CC BY 2.0.

WordPress Appliance - Powered by TurnKey Linux