Multiple Faces Detected
March 25th, 2025
A QR Code (short for “Quick Response”) is a two-dimensional barcode containing data readable by a phone’s camera. Between 2021 and 2024, the use of QR codes surged by 230%, driven mainly during the COVID-19 lockdown.
This innovation eliminated one’s reliance on cards and even POS (Point of Sale) machines, as transactions could be completed directly through scanning.
As QR codes became more popular, some individuals began using them for scams, taking advantage of their convenience for dishonest purposes.
What is a QR Code?
A scannable code of black and white squares is commonly used to store URLs or other data for quick access via a smartphone camera. Masahiro Hara and his team at the Japanese company Denso Wave created it in 1994.
There are two types of QR Codes:
- Static QR Code: This is a type of QR code in which the encoded information is permanent and cannot be changed once generated. It typically includes fixed data like a website URL or contact information.
- Dynamic QR Code: It allows the information to be edited or updated even after the QR code is created and often includes a short URL that redirects to the desired content
The Hidden Danger Behind QR Codes
While QR codes offer convenience, they have also become a target for cybercriminals exploiting them for scams. Because a QR code consists of a pattern of black squares, distinguishing between safe and harmful is challenging, increasing the likelihood of fraud.
QR phishing, or “quishing,” happens when someone unknowingly scans a malicious QR code, often sent through email. The code redirects them to a fake website resembling a legitimate bank or eCommerce platform.
Once on the site, users are asked to enter sensitive information, such as banking details, putting their security at risk.
Cybercriminals use several tactics in these attacks, including:
Data Harvesting
Scammers don’t just use QR codes to steal funds from bank accounts. More often, these scams trick users into sharing personal information or granting device access, which can lead to further exploitation.
Contact Tracing
During the COVID-19 pandemic, contact tracing apps became widely used as manual tracking methods were slow and limited.
Scammers took advantage of this by creating fake apps, promoting them on social media, and placing QR codes in public spaces like hospitals and train stations. Scanning these codes led users to convincing download pages.
Once installed, these apps requested permissions that many users granted, giving scammers access to GPS location, health data, contacts, and other sensitive information.
WiFi Connection
In QR code scams, attackers often target locations where individuals are likely to search for free Wi-Fi. They set up rogue (fake) Wi-Fi networks, typically named to appear trustworthy.
For instance, the network name might mimic a legitimate public Wi-Fi, such as “Airport_Parking,” deceiving users into connecting.
QR codes provide necessary credentials, which, when a user scans with their smartphone or tablet, automatically connects to the Wi-Fi network without needing manual input.
Once connected, scammers can position themselves between users and websites or services, capturing data like login details, personal information, and financial records before reaching the site.
Tips to Avoid QR Code Scams
As more people use QR codes for payments and data sharing, knowing how to stay safe from scams is essential.
Here are some steps to protect yourself:
Reset your login Credentials
If you suspect a scanned QR code is malicious, update your login credentials immediately, especially for social media, email, and bank accounts. This helps prevent unauthorized access.
Verify the Preview Link
When you scan a QR code using your smartphone’s camera or a third-party app, the first step typically involves previewing the link you are about to access. At this stage, verifying the link’s legitimacy before proceeding is wise.
Avoid Tampering
Before scanning a QR code, make sure it does not cover the original. To prevent fraud, always verify with the vendor or salesperson that the payment credentials on your app are accurate.
Conduct a Reverse Lookup
If you ever feel uncertain about the authenticity of the link embedded behind a QR code, try employing a reverse lookup search. This improves security by showing where the QR code’s details come from.
True Stories of QR Code Fraud Around the World
It is common for individuals, even those with technical expertise, to fall victim to fraudulent tactics. Below are real-world examples of how individuals have been misled.
Rental Property Scam
In October 2024, a 19-year-old student from Kharghar, Navi Mumbai, fell victim to a scam while searching for accommodation near his college. After contacting a fraudulent rental website, he was asked to make an initial payment of $115 via a QR code. The scammer ultimately deceived him into transferring over (₹15 lakhs) $17,000.
Bubble Tea Shop
In Singapore, a 60-year-old woman scanned a QR code at a bubble tea shop, which installed malware on her Android phone. Scammers then accessed her device and transferred $20,000 from her bank account while she slept.
US Energy Company
In August 2023, a U.S. energy company was targeted in a phishing attack. Emails with QR codes directed employees to fake Microsoft 365 login pages, bypassing traditional email security filters.
Britain’s Car Parks
In late 2024, UK drivers were warned about a car park scam where fake QR codes replaced legitimate payment codes, leading to fraudulent websites that stole payment details.
Defend Yourself from False QR Codes
QR codes make life easier, but scammers are always looking for ways to take advantage of them. Simple steps like checking links, avoiding tampered codes, and updating your passwords can keep your information safe.
Need help to find information on someone and stay safe from any scams? Our search specialists can guide you in the right direction and uncover hidden truths about people. Here’s what one of our clients had to say after using our services:
“Erin was courteous and professional. I was worried about receiving wrong info, and she provided good guidance. I appreciate her help.” – Lois Rannick
