Book a free consultation call with an expert today!

QR Code Scams: How To Avoid Them

By Ria Manzanero


September 20, 2023

In our increasingly digitised world, Quick Response (QR) codes have become a common sight, from restaurant menus to event tickets. These two-dimensional barcodes simplify information sharing and can offer a convenient experience for users.

However, cyber criminals have also recognised the potential of QR codes as a new tool for their illegal activities. This has become a threat to both individuals and businesses, as Bring Your Own Device (BYOD) policies have enabled employees to hold confidential business data on their personal devices.

In this article, we’ll explore QR code scams that are being leveraged by cyber criminals and how you or your business can avoid them.

What are QR Code scams?

QR code scams take various forms, but they all have one thing in common: they capitalise on the trust people place in QR codes, assuming they lead to legitimate content or information. Scammers use QR codes to deceive users into revealing sensitive information, downloading malware, or visiting malicious websites.

QR Code hacker

Here are some common QR code scams and how they work:

1. Phishing QR Codes:

QR code phishing is a malicious practice where cyber criminals manipulate legitimate QR codes to redirect unsuspecting users to malicious websites or phishing pages.

Here’s how it works:

  • Cyber criminals create counterfeit QR codes that resemble those used by reputable organisations or businesses.
  • These QR codes are then placed on physical items or sent electronically through phishing emails, text messages, or social media.
  • When users scan the QR code with their smartphones, they are redirected to a malicious website designed to steal sensitive information, such as login credentials or credit card details.

2. Malware Distribution QR Codes:

QR codes have also been used to distribute malware to unsuspecting victims. Cyber criminals embed malicious links within QR codes, and when scanned, this code triggers the download and installation of malware onto the victim’s device.

Here’s how it happens:

  • Users receive QR codes through emails, text messages, or other digital communication channels, often disguised as something innocent or enticing.
  • When the QR code is scanned, it initiates the download and execution of malware, which can include spyware, ransomware, or keyloggers.
  • The malware compromises the victim’s device, allowing cyber criminals to steal data, monitor online activities, or demand a ransom for the return of locked files.
Person scanning QR Code

3. Fake Wi-Fi Networks QR Codes:

Cyber criminals have also employed QR codes to create fake WiFi networks or access points, targeting individuals seeking to connect to public Wi-Fi. This tactic is particularly dangerous because it can lead to unauthorised access to personal information and online accounts:

This is how they do it:

  • Cyber criminals generate QR codes that look like legitimate public WiFi networks, such as those found in cafes, airports, or hotels.
  • These QR codes are placed in physical locations or shared online, luring users into connecting to the rogue network.
  • Once connected, the cyber criminals can intercept and monitor the victim’s internet traffic, potentially capturing sensitive data like login credentials and credit card information.

Now that we understand the threats, let’s explore how to protect ourselves from falling victim to QR code scams.

Free WiFi scams

How to avoid QR Code Scams

While QR code scams are a growing concern, there are steps individuals can take to protect themselves from falling victim to these tactics:

  1. Use a Trusted QR Code Scanner: Download a reputable QR code scanner app from a trusted source. These apps often come with security features that can detect and warn you about potentially harmful QR codes.
  2. Verify the Source: Be cautious when scanning QR codes received via email, text messages, or social media. Verify the source before scanning, especially if the QR code appears to be from an unfamiliar sender.
  3. Check the URL: Before proceeding to a website via a QR code, take a moment to check the URL. Ensure it matches the official website of the organisation or business it claims to represent.
  4. Avoid Unknown Networks: When connecting to public WiFi, confirm with the establishment’s staff that you are connecting to the correct network. Avoid connecting to networks provided through QR codes found in public spaces.
  5. Update Your Device: Keep your smartphone’s operating system and apps up to date to benefit from the latest security patches and features that can protect against QR code scams.
QR code on mobile

Worried about QR code scams at your business?

QR codes have become an appealing tool for cyber criminals to conduct various malicious activities, from redirecting users to phishing sites to delivering malware and exploiting fake WiFi networks. To protect yourself from QR code scams, exercise caution, use trusted QR code scanners, and verify the source and destination before scanning. Staying vigilant is key to ensuring that this convenient technology doesn’t become a cyber threat to you.

If you’re a business that operates using a BYOD policy and you have concerns about your employees falling victim to QR code scams, we can help. We support hundreds of business globally with strengthening their security policies, processes, and awareness, so that they can use devices freely, without the worry of cyber crime.

To find out more about how we can support your business with avoiding a QR code scam, get in touch today!