The Qualms of QR Codes

posted by Mike Burke on Wednesday, December 20, 2023 in SHAZAM Blog

Quick-response, or QR codes, are used every day. These square-shaped images are readable by a mobile device's camera to open links and access information. They are widely used by consumers to view menus at restaurants, pay for parking or get into a concert or sporting event.  

Over 94 million consumers will use their phone to scan a QR code this year, according to Insider Intelligence. Allied Market Research valued the global QR code payment market at $8.07 billion in 2020, with a projection of $35.07 billion by 2030.  

QR codes offer a measure of convenience for customers and help companies conduct business. But where the money goes, fraudsters will follow. And fake QR codes give bad actors a way to steal consumers' personal information. The good news is accountholders can help protect themselves by simply being aware of the risk and taking basic precautions. 

What is “Quishing”? 

Quishing, also known as QR code phishing, is a phishing technique involving fictitious QR codes. Using free online code generators, fraudsters create their own QR codes to steal people’s personal information. These fraudulent QR codes are sent to a person directly via text or email. Additionally, criminals will cover up a legitimate QR code from a business with a sticker over a flyer, menu or even a parking ticket. These fictitious QR codes, if scanned, redirect people to a fake payment site, to download a virus (malware) on a person's device or redirect them to a malicious site to gather personal identifiable information (PII), which could lead to identify theft. 

How to protect yourself 

Now that you know how the scam works, here are some ways to avoid scanning a fraudulent QR code from the Better Business Bureau

If someone you know sends you a QR code, confirm that it is legitimate before scanning it. Whether you receive a text message from a friend or a message on social media from your workmate, contact that person directly before you scan the QR code to make sure they haven’t been hacked.

Don’t open links from strangers. If you receive an unsolicited message from a stranger, don’t scan the QR code, even if they promise you exciting gifts or investment opportunities.

Verify the source. If a QR code appears to come from a reputable source, it’s wise to double check. If the correspondence appears to come from a government agency, call or visit their official website to confirm. 

Be wary of short links. If a URL-shortened link appears when you scan a QR code, understand that you can’t know where the code is directing you. It could be hiding a malicious URL.

Watch out for advertising materials that have been tampered with. Some scammers try to mislead consumers by altering legitimate business ads, such as placing stickers over the QR code. Keep an eye out for signs of tampering.

Install a QR scanner with added security. Some antivirus companies have QR scanner apps that check the safety of a scanned link before you open it. They can identify phishing scams, forced app downloads, and other dangerous links. 


SHAZAM, Inc. and ITS, Inc. provide this blog for general informational purposes only. Our blog may be shared by a direct link wherein the content remains as originally presented and has not been altered. SHAZAM, Inc. and ITS, Inc. assume no responsibility for errors or omissions in the contents on the blog. By using this blog, reader agrees that the information published does not constitute nor is a substitute for legal advice which should only be sought from a qualified, licensed attorney. 


comments powered by Disqus