QR codes are now ubiquitous in daily life, used for tasks such as ordering meals in restaurants, paying for parking, renting bikes, or accessing information about TV programs and upcoming films

When these black-and-white codes are scanned with a mobile phone camera, a link appears, directing users to a specific website where they can place orders or obtain product information

However, scammers are reportedly exploiting this convenience by placing fake QR codes over legitimate ones on digital menus. This type of phishing, known as ‘quishing’, redirects the customer to a fraudulent website, prompting them to enter personal information that the scammer can then access

What Are QR Codes?

Quick response or “QR” codes function similarly to barcodes. Scanning them with a mobile phone camera reveals a link to the information they contain. In our digital age, QR codes are commonly used for browsing restaurant menus, connecting to public Wi-Fi, paying for parking, and redirecting users to websites

The widespread use of QR codes has opened up new opportunities for cybercriminals to commit identity theft and bank fraud

Types of QR Code Scams

Quishing (QR Code Phishing): Quishing involves using QR codes to direct users to fake websites that spread malware or solicit confidential information. Scammers may pose as legitimate companies, sending phishing emails with QR codes that lead to malicious sites or virus-infected downloads

Fake QR codes: Scammers may place fake QR codes over real ones, such as in restaurants or on-street advertisements. These fake codes can lead to fraudulent payment sites that steal money or credit card details

Inverted QR codes: In this scam, malicious QR codes appear as payment methods but actually solicit money from the user. Instead of paying a merchant, the code makes the merchant pay the scammer, and it can also be used to steal personal and financial information

How to avoid QR code scams

Think before you scan: Be especially wary of codes posted in public places. Take a good look. Is it a sticker or part of a bigger sign or display? If the code doesn’t fit in with the background, request a paper copy of the document you’re trying to access or type the URL in manually. When you scan a QR code, take a good look at the website it leads you to. Does it look like you expected it to? If it asks for login or banking information that doesn’t seem needed, don’t hand it over

Codes embedded in emails: These are almost always a bad idea, so skip them entirely. The same goes for codes you receive in unsolicited paper junk mail, such as those offering help with debt consolidation

Preview the code’s URL: Many smartphone cameras, including iPhones running the latest version of iOS, will preview a code’s URL as you start to scan it. If the URL looks strange, you might want to move on

Use a secure scanner app: Even better, as these are designed to spot malicious links before your phone opens them. Trend Micro, offers a free one, as do some of the other big antivirus companies. But stick to the well-known security companies. Malicious QR scanning apps designed to scrape user information have made it into the app stores in the past

Use a password manager: As with all kinds of phishing, if a QR code takes you to an especially convincing fake website, a password manager will still know the difference and won’t autofill your passwords

By staying vigilant and following these precautions, you can enjoy the convenience of QR codes while protecting yourself from potential scams