Don't Blame QR Codes for Scams: They're Victims, Too

QR code scams (“QR phishing” or what people now call "quishing") are all over the news these days. Researchers are saying phishing attacks using QR codes have skyrocketed by a 1,265 percent.

I myself have almost fallen victim to one. It was a tampered QR glued to a parking meter where I was supposed to pay my ticket.

Upon scanning, it led me to a website that resembled the legitimate one—only that something seemed off: There was a misspelling in the URL.

I took a screenshot, after which I closed the browser window on my phone. I went to report the incident to the customer support of the said ticketing company.

Scammers will always find ways to fool the unsuspecting public.

But some are blaming QR technology for giving ill-mannered whack jobs a new avenue for stealing money from unsuspecting individuals, but really, whose fault is it?

QR code usage has seen a 433% jump in just two years—with a projected 2.5 billion scans by the end of 2027

Meteoric rise in usage

QR (short for quick response) codes have become quite the norm for almost everything we do—paying for things, ordering food at the restaurant, or even uncovering easter eggs on Netflix shows. It's no surprise scammers are trying to get in on the action.

In fact, QR code usage has seen a 433% jump in just two years—with a projected 2.5 billion scans by the end of 2027—so it’s only a matter of time before the bad guys spotted a window of opportunity to exploit them.

"Quishing is a real threat," warns Benjamin Claeys, a QR code expert and the CEO of QR TIGER. "Even small attacks can cause big problems—think lost money and ruined reputations. We need to understand how these scams work so we can keep using QR codes safely."

How to spot a good QR from a bad one

So, how do you avoid becoming a quishing victim? Here are a few telltale signs:

• Unknown source
• Unsecure URL
• Distorted QR code design
• Page does not match the call to action
• Wrong grammar or misspelled URL
• Landing page requests for sensitive information

Tips on how to spot a quishing scam

QR code scams could be hiding in the most unexpected places. I asked our QR code expert some advice on how to recognize a QR phishing scam, and he shares the following tips.

Tip No. 1: Be suspicious of what you scan

Before you scan any QR code, check the 3 Ls: Location, legitimacy, and link. QR codes from trusted sources usually have a logo, are located in well-lit places, and use a custom domain.

Tip No. 2: Use the smart features of your device

Turn on safe browsing and enhanced protection features on your phone and computer. Think of it as an extra layer of security.

Tip No. 3: Be critical of the webpage it leads to

Don't give away personal details until you're sure the QR code and the landing page it takes you to are legitimate. Suffice to say, never share your financial information unless you know the website you’re dealing with. Safe websites usually start with "https" and has the padlock icon.

Tip No. 4: Don't give in to pressure

Scammers often try to make you act fast—making it appear urgent. Real businesses don't usually do that. Take your time and be cautious.

Tip No. 5 for businesses: Make your QRs tamper-proof

If you're a business using dynamic QR codes, track your scans. A sudden spike in scans from weird places could mean someone's trying to pull something fishy. To be extremely safe, use a reliable QR code generator and embellish it with your branding and logo.

Conclusion

QR codes themselves are generally safe—they're just a way to share information. The problem is how they're used.

So, to sum it up: Use a reliable scanner, be extra cautious when scanning QR codes, think twice before you share sensitive information. Or, if you’re on the business side of things, always choose a reputable QR code generator.

Scams are everywhere—on emails, SMS, even on social media. QR codes are not the problem. People with malicious intent are.