By | June 5, 2025
0 Comment

How To Avoid QR Code Scams

QR code scams (or “quishing,” a blend of QR and phishing) are increasingly common, especially as QR codes become more popular in everyday life. Here’s how to avoid QR code scams and protect yourself:

Best Practices to Avoid QR Code Scams

1. Don’t scan QR codes from unknown sources

  • Avoid scanning codes from unsolicited emails, texts, flyers, or posters—especially those that look suspicious or are in odd locations (e.g., pasted over official signage).
  • Be wary of codes stuck onto walls, lampposts, or restaurant tables with no branding or context.

2. Check the destination URL before proceeding

  • Most QR scanners will show you the URL before opening it. Examine it carefully.
    • Look for misspellings, odd domain names, or unrelated content.
    • For example: qantas-offers.com.fakeurl.biz is not a legitimate site.

3. Don’t enter personal or payment details on QR-linked sites

  • Be suspicious if a site opened by a QR code immediately asks for:
    • Bank account or card details
    • Login credentials
    • ID numbers or personal info
  • Instead, go directly to the official website via your browser.

4. Use a secure QR scanner

  • Use trusted apps like your phone’s default camera or antivirus apps that check URLs before opening them.
  • Avoid third-party QR scanner apps from unknown developers.

5. Watch for physical tampering

  • Scammers may place fake QR stickers over legitimate ones (e.g., at parking meters or restaurants). If the QR code looks like a sticker or is slightly misaligned, be cautious.

6. Be extra cautious with payment-related QR codes

  • Especially at:
    • Parking stations
    • Cafes/restaurants
    • Pop-up shops or markets
  • Ask a staff member to verify the QR code if you’re unsure.

7. Enable multi-factor authentication (MFA)

  • Even if a scammer gets your login credentials, MFA can stop them from accessing your account.

🚩 Red Flags to Look Out For

  • The QR code leads to a login page for a known service (e.g., Apple ID, Microsoft, bank).
  • You’re offered a reward, discount, or gift in exchange for scanning.
  • The QR code comes via an unsolicited message or social media DM.
  • You’re rushed to take action or warned of urgent consequences.

🛡️ What to Do If You’ve Scanned a Suspicious QR Code

  1. Do not enter any information.
  2. Close the browser tab immediately.
  3. Run antivirus or mobile security software to check for malware.
  4. If you entered credentials, change your passwords and enable MFA.
  5. Report the scam to relevant authorities (e.g., Scamwatch in Australia, FTC in the US).