Overview
QR code scams, known as quishing, exploit the widespread adoption of QR codes for payments, menus, and information sharing. Criminals place malicious QR codes over legitimate ones on parking meters, restaurant tables, and public signage, or embed them in phishing emails and fake flyers. Scanning a malicious QR code can redirect you to phishing websites, trigger malware downloads, or initiate unauthorized payments.
How This Scam Works
Criminals place stickers with malicious QR codes over legitimate ones on parking meters, leading victims to fake payment sites that steal credit card information.
Phishing emails and letters contain QR codes that bypass email security filters, which cannot scan the content of QR code images.
Fake flyers and posters in public places advertise deals, contests, or Wi-Fi access through QR codes that lead to malicious websites.
QR codes on fake parking tickets, utility bills, and government notices direct victims to fraudulent payment portals.
Warning Signs
Real Scam Examples
These are examples of messages used in this type of scam.
[Sticker on parking meter]: Scan to pay for parking. Quick, contactless payment accepted. [QR code links to phishing site that steals credit card information]
Your package could not be delivered. Scan the QR code below to update your delivery address and reschedule. [QR code embedded in email to bypass text-based spam filters]
How to Protect Yourself
1Preview QR code URLs before opening
Most phone cameras show the URL preview before opening it. Check that the URL matches the expected organization before tapping to open.
2Look for tampered QR codes
Before scanning QR codes in public places, check if the code appears to be a sticker placed over an original code. Tampered codes may have different textures or edges.
3Use your phone's built-in camera
Use your phone's native camera app rather than third-party QR scanner apps, as the built-in camera provides better URL previews and security warnings.
4Be skeptical of QR codes in emails
QR codes in emails are often used to bypass spam filters. If an email contains a QR code, it is likely more trustworthy to navigate to the company's website directly.
5Use the GetCyberRight GCR Scam Guard
Our scam checker tool can analyze QR code contents and URLs for known phishing indicators before you visit the link.
Frequently Asked Questions
Think you have received a scam like this?
Paste the suspicious message into our free AI-powered scam analyzer.
Related Resources
Phishing Attacks: The Complete Protection Guide
Phishing is the most common type of cyberattack, responsible for over 90% of data breaches. These attacks use deceptive ...
Smishing: How SMS Phishing Attacks Steal Your Data
Smishing (SMS phishing) uses text messages to trick recipients into clicking malicious links, sharing personal informati...
Fake Delivery Scams: Package Notification Fraud
Fake delivery scams have become one of the fastest-growing fraud types, exploiting the massive increase in online shoppi...
GCR Scam Guard
Related Online Scams resource
PayPal Scam Guide
Related Online Scams resource
Amazon Scam Guide
Related Online Scams resource