How to dodge fraudulent QR codes

Editor’s note: This is an edited QR Code Generator article that originally appeared under the title “Expert reveals tips amid rising QR code scams.”

With the alarming emergence of new QR code scams, QR Code Generator has revealed some expert tips to avoid falling victim to false codes and phishing scams. 

The top five tips include:

  1. Avoid making payments through a public QR code.
  2. Do not scan QR codes from unsolicited e-mails.
  3. Check QR code destinations.
  4. Don’t fall victim to your own curiosity.
  5. Do not download QR code apps.

This article will explain why using caution while scanning QR codes, especially public ones and those used for payments, is key to avoiding any possible scams.

1. Avoid making payments through a public QR code

Any QR code is susceptible to tampering, but those placed in public are particularly so. Because payment is one of the prime purposes of QR codes, make sure any code you scan in public has not been tampered with.

If scanning a publicly placed QR code, such as in a parking lot, check for signs that the code is the one you wish to scan. For example, is there a sticker placed over the original code, so that you are scanning the sticker instead, or are there any other suspicious signs? A QR code scam will direct a device to a seemingly official but phony website, which can steal credit card information when it is entered.

QR codes created for such scams could be found in restaurants, shopping malls, bars or several other public places. Parking lot scams, however, are currently on the rise. If in doubt, do not pay through a QR code. There is almost always an alternative way to make a payment, like entering the URL yourself or paying at a nearby pay station.

2. Do not scan QR codes from unsolicited e-mails

E-mail inboxes are often bombarded with links and attachments that may be malicious. While most e-mail services can detect these, they usually cannot do the same for QR codes. Always think: Do I know the sender of this e-mail? If so, are they who they claim to be? Many scams claim to come from a trusted retailer like Amazon. As a general rule, avoid scanning QR codes in e-mails altogether.

3. Check QR code destinations

Your phone will display the URL to which a QR code is trying to send you and will only take you there if you permit it. Check whether the URL is legitimate by looking for extended domain names. Multiple hyphens and symbols are common in malicious links, and well-known names may be included in the URL to trick you. Just because a URL has “Google” in it does not mean it is legitimate, so look out for suspicious URLs.
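The URL checks described above, written out as an added example that is not part of the original article: a small Python function that flags an extended hostname, multiple hyphens, an `@` symbol in the address, and a well-known name sitting on a domain that does not belong to it. The brand list, thresholds and sample URLs are constructed assumptions, and the `@` check goes slightly beyond the signs the article names.

```python
from urllib.parse import urlsplit

# Constructed allow-list: well-known name -> domains that really belong to it.
KNOWN_BRANDS = {
    "google": {"google.com"},
    "amazon": {"amazon.com"},
    "paypal": {"paypal.com"},
}
MAX_LABELS = 3    # assumed threshold: www.example.com has 3 labels
MAX_HYPHENS = 1   # assumed threshold: more than one hyphen counts as "multiple"


def registrable_domain(host):
    """Naive last-two-labels guess; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def review_qr_url(url):
    """Return a list of warning strings for a URL decoded from a QR code."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    findings = []

    if not host:
        return ["no-hostname"]
    if host.count(".") + 1 > MAX_LABELS:
        findings.append("extended-hostname")
    if host.count("-") > MAX_HYPHENS:
        findings.append("multiple-hyphens")
    # "name@host" form: the text before '@' is not the destination.
    if "@" in parts.netloc:
        findings.append("at-sign-in-authority")
    # A well-known name anywhere in the URL, on a domain that is not that brand's.
    base = registrable_domain(host)
    lowered = url.lower()
    for brand, domains in KNOWN_BRANDS.items():
        if brand in lowered and base not in domains:
            findings.append(f"brand-name-on-foreign-domain:{brand}")
    return findings


# Constructed sample URLs, as a phone would show them after scanning.
SAMPLES = [
    "https://www.google.com/maps",
    "https://google.com.secure-login-verify.example/pay",
    "https://amazon.com@parking-pay.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", review_qr_url(sample) or "no warnings")
```

An empty result only means none of these signs were present; it does not prove the destination is legitimate.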

It is possible to end up on a malicious website even after taking great care, so when you have landed on a site through a QR code, remain vigilant. Unprofessional design, low-resolution images, poor grammar or typos can be telltale signs of a fraudulent website.

4. Don’t fall victim to your own curiosity

Just as e-mail scammers entice victims, a scammer may incentivize you to scan a QR code with the promise of a reward, or by creating curiosity to bypass your suspicions. Be extremely wary of any QR code that gives you the chance to “win” anything, offers up a survey or promises free goods or services. QR codes may even be sent to you in leaflets or letters, but always make sure to follow the tips above, especially if a code has made its way to you without your asking.

5. Do not download QR code apps

Your phone's camera is capable of scanning and following QR codes. The misconception that you might need a new app to do this can lead to downloading fraudulent software that asks for extensive permissions and may try to install malware on your device. Always use your phone’s default camera for QR code scanning.