QR Code Scams (Quishing): How They Work and How to Stay Safe

Verified by GonePhishing.com

What is a QR code scam (quishing)?

QR code scams, often called “quishing”, are a form of phishing where scammers use QR codes instead of clickable links. When you scan the code with your phone, it takes you to a malicious website designed to steal your login credentials, financial information, or trick you into sending money.

The danger is that you can’t see the destination before scanning. This makes QR codes one of the easiest ways for scammers to hide harmful links.

Common QR code scam examples

• Fake parking meter QR codes placed over real ones
• Restaurant menus replaced with scam QR stickers
• Email or text messages asking you to “scan to verify your account”
• Flyers or posters with QR codes promising rewards or urgent action

Why QR code scams are so effective

QR codes feel safe because they are widely used by legitimate businesses. Scammers take advantage of that trust. Since users often scan quickly without thinking, it creates the perfect opportunity for fraud.

Red flags to watch for

• QR codes on stickers placed over official signs
• Messages creating urgency (“scan now to avoid account suspension”)
• Requests for login, payment, or personal information after scanning
• Unknown or shortened website URLs after scanning

How to stay safe

• Do not scan QR codes from unknown or suspicious sources
• Inspect physical QR codes for tampering or stickers
• Use your phone’s preview feature to check the URL before opening
• Go directly to official websites instead of scanning
• Never enter login or payment information after scanning an unknown code

What to do if you scanned a malicious QR code

• Immediately close the website
• Do not enter any information
• Change your passwords if you entered credentials
• Monitor your financial accounts for unusual activity

Final takeaway

QR codes remove visibility — and scammers rely on that. If you don’t know where the code came from, don’t scan it.