Greg's Corner

Tagged: quishing Toggle Comment Threads | Keyboard Shortcuts

• 

  Geebo 9:00 am on November 13, 2025 Permalink | Reply
  Tags: qr codes ( 11 ), quishing, Scams ( 1,609 )   

  QR Codes: The New Scam Frontier 

  

  By Greg Collier

  Fake parking signs, restaurant menus, and charity posters are being used to steal credit card data and personal information. Here’s how to protect yourself before you scan.

  A Quick Scan Turns Costly:

  You’re out to dinner and notice the restaurant no longer uses printed menus. You scan the QR code on the table, browse, and pay your tab through the link that pops up. A few hours later, your bank alerts you to unauthorized charges.

  Or you park downtown, scan a QR code on a street sign to pay for parking, and only realize later that the city never used QR codes for parking at all.

  Across the country, law enforcement agencies are warning consumers about a sharp rise in QR code fraud, a new form of cybercrime where scammers replace or mimic legitimate codes to steal money or personal data. The FBI issued a nationwide alert earlier this year after cities in Texas, California, and Florida reported hundreds of fake QR sticker incidents on parking meters and storefronts.

  What’s Going On:

  Scammers use small adhesive labels or digital edits to swap real QR codes with fake ones. These codes redirect unsuspecting users to malicious websites designed to:

  • Steal credit card or banking information during “payments”
  • Install malware that collects data from your phone
  • Capture login credentials for social media or financial accounts
  • Enroll victims in hidden subscription services

  The code itself looks harmless—just a black-and-white square—but it can send your device anywhere. Because people are conditioned to trust QR codes, they rarely think twice before scanning.

  Why It’s Effective:

  • Habit and convenience: QR codes are everywhere—from menus to parking meters—and most people assume they’re safe.
  • No visible clues: Unlike phishing emails or spam links, QR scams don’t contain obvious spelling errors or suspicious URLs until it’s too late.
  • Contactless culture: Since the pandemic, QR scanning has become second nature for millions, creating a perfect opportunity for fraud.
  • Anonymity for scammers: Replacing a sticker on a public surface takes seconds and leaves no trace.

  Red Flags:

  • QR codes on public signs that look crooked, bubbled, or slightly off-center (often covering another sticker beneath).
  • A payment or menu page that opens in a browser rather than a familiar app.
  • URLs that start with misspellings, unfamiliar domains, or odd endings like “.co” or “.info.”
  • Unexpected requests for credit card information, login credentials, or account verification.
  • Messages urging you to “scan now” for rewards, free offers, or urgent payments.

  Quick Tip: Before you scan, look closely. If the QR code is on a sticker or looks like it’s been added after the fact, avoid it and go directly to the business’s official website instead.

  What You Can Do:

  • Verify before scanning: Only scan codes that you trust—especially when money or logins are involved.
  • Check the URL: After scanning, confirm the web address matches the business’s official domain before entering payment details.
  • Use your phone’s security features: Enable safe browsing tools that flag risky websites.
  • Manually type when in doubt: For parking, restaurants, or donations, it’s safer to enter the official site manually rather than scan a code.
  • Educate employees and family: QR fraud is spreading fast in offices, small businesses, and schools.

  If You’ve Been Targeted:

  1. Report fraudulent charges immediately to your bank or credit card company.
  2. Run a full security scan on your device and delete suspicious apps or browser data.
  3. Change passwords associated with any accounts you accessed after scanning the code.
  4. Report the incident to local authorities and at ReportFraud.ftc.gov.
  5. Inform the business or property owner where you found the fake QR code so they can remove it.

  Final Thoughts:

  QR codes were designed for convenience, but scammers have found a way to turn them into digital traps. A quick scan that saves time can now open the door to theft.

  The next time you see a QR code on a public sign or poster, pause and think before you scan. Checking for authenticity takes seconds and could save you from hours of financial recovery.

  Trust your instincts—and remember, convenience should never come at the cost of security.

  Further Reading:

  • FBI Public Service Announcement: Criminals Using QR Codes to Steal Victim Data (2025)
    
  • ABC News: Police Warn About Fake QR Code Stickers on Parking Meters in Texas (April 2025)
    
  • The Verge: QR Code Scams on the Rise as Contactless Payments Expand (May 2025)
   

  Leave a ReplyCancel reply
• 

  Geebo 8:00 am on October 6, 2023 Permalink | Reply
  Tags: phishing ( 91 ), qr codes ( 11 ), quishing, Scams ( 1,609 )   

  New QR code scam could show up in your inbox 

  

  By Greg Collier

  First, there was phishing, the emails from scammers that tried to get you to click on malicious links. Then there was smishing where scammers tried to get you to click on malicious links in SMS/text messages. Now, there is a new scam called ‘quishing’, which involves QR codes.

  QR codes are similar to the bar codes that get scanned at the supermarket. Except, in the case of QR codes, they direct you to a website. They’re essentially fancy links. When you scan a QR code with your phone’s camera, a URL will pop up for you to click on. While QR codes are used in many industries, their most common use is for advertising. You might see an ad that contains a QR code that will direct you to a sale on a retail site, for example.

  Scammers are now said to be sending emails containing QR codes. The scam emails are made to look like they’re being sent from well-known brands and companies. The email will ask the recipient to scan the QR code to receive some kind of discount or special offer. What actually happens when the code is scanned, the victim is taken to a website that infects their device with malware. From there, the scammers can potentially access any app you may have on your phone. The QR code could also take you to a website that’s cloned from the brand the scammers are imitating, where a victim will be asked for personal or financial information.

  After scanning a QR code, take a close look at the URL or web address it leads to. Be cautious if it appears to be misspelled, overly complex, or has a suspicious domain.

  If you happen to scan a fraudulent QR code, it’s crucial to promptly update your passwords for any affected accounts to prevent unauthorized access by scammers. Additionally, take immediate measures to enhance the security of your financial accounts. Enabling two-factor authentication (2FA) on these accounts is another effective way to bolster their protection against unauthorized access.