Qraft

QR Code Scams - Common Tricks and How to Spot Them

Overlay Scams

The most classic technique is pasting a fake QR code over a legitimate one. Targets include parking payment machines, restaurant tables, and public facility signs where many people scan.

Check whether a sticker has been layered over the QR code. Signs include peeling edges, different material texture from surroundings, or unnatural tilting. Avoid scanning if anything seems off.

Phishing QR Codes

Phishing QR codes arrive via email or SMS with messages like "Account verification required." Scanning them leads to convincing fake sites that request IDs, passwords, and credit card information.

Legitimate companies rarely send QR codes via email requesting login. Don't scan QR codes from suspicious emails; access official apps or websites directly instead.

Fake Payment QR Codes

In this scam, a store's payment QR code is replaced with a fake one that routes payments to the scammer's account. Victims believe they're making a legitimate payment, which makes the fraud hard to detect.

As a countermeasure, have the store confirm receipt after payment. If the QR code plate looks suspiciously new or is attached with tape, ask staff to verify.

Fake Parking and Bike-Share QR Codes

Fake QR codes placed on parking meters or bike-share stands redirect to fraudulent payment pages. Overseas, numerous cases of fake QR codes on parking meters have been reported.

Develop a habit of verifying whether QR codes in public spaces are official. When in doubt, pay with cash or card instead, or use the official app directly.

Five Tips to Stay Safe

Basic measures to protect yourself from QR code scams:

  1. Check the URL: Verify the displayed URL is a legitimate domain before accessing
  2. Suspect overlays: Check public QR codes for layered stickers
  3. Don't scan suspicious email QR codes: Access official apps or websites directly
  4. Be cautious with personal info: Pause before entering passwords or card details on QR-accessed pages
  5. Use security software: Install security apps that detect phishing sites
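
Tip 1 can also be enforced in software wherever a QR code is decoded (a kiosk, a company scanning app, a mail filter). The following is an added example, not part of the original article: it checks the text decoded from a QR code against an allowlist of official domains. The domains and the function name check_qr_url are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist: placeholders standing in for an operator's real domains.
OFFICIAL_DOMAINS = {"parking.example.com", "pay.example.org"}


def check_qr_url(payload, official=OFFICIAL_DOMAINS):
    """Return (ok, reason) for the text decoded from a QR code."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return False, "malformed URL"
    # urlsplit lowercases the scheme; anything but https is refused,
    # including non-URL payloads such as Wi-Fi or contact records.
    if parts.scheme != "https":
        return False, "not https"
    # "https://official-name@other-host/" displays the official name first
    # but connects to other-host.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host"
    # Non-ASCII or punycode labels can render as look-alikes of an ASCII name.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalized host"
    # Exact domain or a true subdomain. The leading dot stops
    # "fakepay.example.org" from matching "pay.example.org".
    if any(host == d or host.endswith("." + d) for d in official):
        return True, "official domain"
    return False, "not an official domain"


if __name__ == "__main__":
    # Constructed sample payloads, as a QR decoder would return them.
    samples = [
        "https://parking.example.com/pay?lot=12",
        "http://parking.example.com/pay",
        "https://parking.example.com@evil.test/pay",
        "https://parking.example.com.evil.test/pay",
        "https://p\u0430rking.example.com/pay",  # Cyrillic "a" in the host
    ]
    for s in samples:
        print(check_qr_url(s), s)
```
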