• //
    • //
    • //
  • QR code scams on the rise

    • QR code scams on the rise

    August 18, 2025

    What you should know before you scan

    They show up on menus, posters and packages: QR codes.

    The black and white pixelated squares are seemingly everywhere, offering a quick way to pay for parking, view a restaurant menu or enter a contest.

    But not all codes are what they seem. Scammers have found ways to hide malicious links inside fake QR codes.

    The trick is called “quishing,” short for QR + phishing. One scan could send you to a fraudulent website, install malware on your phone, or steal your personal information.

     

    How QR code scams work

    First, criminals hide malicious links inside QR codes, which they can generate quickly using free, online tools. Then, they plant these malicious squares in places where people are likely to scan them.

    In public spaces, they might place a fake code sticker over a real one. Or they might include them in a spoofed email or text.

    Often, the code sends users to a fake website designed to look like a trusted one. The site prompts you to enter your login, payment details or other personal information. Scammers then use that data to access your accounts, make unauthorized purchases or even commit identity theft.

    Quishing works because a QR code doesn’t reveal its destination until you scan it. By the time you realize something is wrong, it may be too late.

    Source: https://lifelock.norton.com/learn/fraud/qr-code-scam

    Smart tips to stay safe

    QR code scams are tricky to catch. A fake code looks just like a real one, and scammers often place them in familiar spots, like menus or posters.

    It’s easy to let your guard down and scan without thinking twice. But you can protect yourself with a few simple habits.

    • Stick to trusted sources. Only scan codes from places or people you know. If something looks suspicious, type in the web address yourself.
    • Preview the link. Your phone will often show the URL before opening it. Check that it’s spelled correctly and begins with “https.”
    • Inspect before scanning. If a code is low-quality, misaligned, placed oddly, or appears to be tampered with, don’t use it.
    • Skip third-party QR apps. Use your phone’s built-in camera instead.
    • Add security layers. Mobile antivirus software and two-factor authentication can give you extra protection.
    Source: https://lifelock.norton.com/learn/fraud/qr-code-scam

    Stay alert, stay safe

    If you think you’ve scanned a suspicious code, certain actions can minimize harm. Disconnect from the internet, run a malware scan, change your passwords, and keep an eye on your accounts.

    You can also report the scam to the FTC at reportfraud.ftc.gov and alert the business or location to prevent others from falling for it.

    QR codes can be convenient tools, but they deserve the same caution as any unfamiliar link. Pausing before you scan can keep your phone and information safe.

     

    Source: LifeLock by Norton