How to protect Yourself from QR Code scams

By 2025, global expenditures via QR code payments will be projected to exceed $3 trillion, a substantial rise from $2.4 trillion in 2022. This growth, especially in markets like India, opens up vast opportunities for fraudulent QR code schemes, presenting a significant challenge in digital security.

QR codes have become a convenient tool for accessing websites, making payments, or sharing information. However, scammers have started exploiting them to trick unsuspecting victims into revealing sensitive information or sending money to fraudulent accounts. Here are some practical tips to help you stay safe from fake QR code scams:

1. Verify the Source

• Inspect Physical QR Codes: Check if the QR code is part of the original design or if it's been tampered with (e.g., a sticker placed over another QR code).
• Digital QR Codes: Only scan codes from trusted sources, such as official company websites, apps, or advertisements.

2. Use a Secure QR Code Scanner

• Some apps or smartphones have built-in scanners that can detect suspicious QR codes.
• Avoid using third-party apps from unknown developers.

3. Be Wary of Unsolicited QR Codes

• Scammers often use unsolicited emails, messages, or posters with QR codes leading to phishing websites.
• If you didn’t expect to receive a QR code, verify its authenticity through other means.

4. Preview the Link Before Opening

• Many QR scanners display the URL before navigating to it. Look for signs of a fake or suspicious link:
  • Misspelled domains (e.g., “paypall.com” instead of “paypal.com”).
  • Links shortened with services like bit.ly can be risky; use a URL expander to check where they lead.

5. Avoid Entering Personal Information

• Never input sensitive details like passwords, PINs, or banking credentials on websites accessed via QR codes, unless you’re certain about the site's legitimacy.

6. Report Suspicious QR Codes

• If you encounter a fake QR code, report it to the relevant authorities, such as the company it impersonates or your local cybercrime unit.

7. Educate Others

• Share information about QR code scams with friends, family, and colleagues to increase awareness and prevent further scams.

Scams using QR codes in real life

Fake Parking Payments

There are many public and private parking spots now that use QR codes in order to enable payment for parking. The quality of the QR code printed on the label looks to be legitimate, as can be seen by the image below.

It was announced by the City of Redondo Beach Police Department on August 24, 2024 that approximately 150 parking meters within the City of Redondo Beach had been found to have a fraudulent QR code. As a result of the fake QR code, people were redirected to a fraudulent website in order to gather their location and financial information. (Patrick T Fallon AFP Via Getty Images)

Fake Charity Donations

Scammers distributed flyers with QR codes claiming to link to donation sites for disaster relief. Victims unknowingly contributed funds to fake accounts.

In times of crisis, communities often come together to help those in need. Unfortunately, not everyone shares this spirit of generosity. Scammers have recently been exploiting people's goodwill by distributing fraudulent flyers with QR codes claiming to link to disaster relief donation sites. Victims who scan these codes unknowingly contribute funds to fake accounts, enriching criminals instead of aiding those in need.

How the Scam Works

The scam typically unfolds like this:

1. Flyer Distribution: Flyers, often designed to appear official, are distributed in public places, handed out door-to-door, or left on car windshields. They may include logos of legitimate organizations to look credible.
2. QR Code Placement: The flyers prominently feature QR codes, which supposedly direct users to secure donation portals.
3. Fake Websites: When scanned, the QR codes lead to websites that closely mimic those of legitimate charities or organizations.
4. Deceptive Donations: Victims enter their payment information, believing they are contributing to a noble cause. Instead, the funds go directly to scammers.

Red Flags to Watch For

To avoid falling victim to this scam, look out for these warning signs:

• Unsolicited Flyers: Be cautious of donation requests from sources you cannot verify.
• Generic Messaging: Scammers often use vague or emotionally charged language to manipulate their targets.
• Suspicious QR Codes: Legitimate organizations rarely rely solely on QR codes for donations.
• Mismatched URLs: Always check the website URL before entering personal or financial information. Look for subtle misspellings or odd domain names.

Steps to Protect Yourself

1. Verify the Source: Before donating, confirm the legitimacy of the organization through official channels.
2. Avoid Scanning Unfamiliar QR Codes: Use caution when encountering QR codes on unsolicited materials.
3. Donate Directly: Visit the official website of a trusted charity rather than relying on third-party links.
4. Report Suspicious Activity: If you encounter a fraudulent flyer, report it to local authorities or consumer protection agencies.
5. Educate Others: Share information about this scam with friends and family to raise awareness.

What to Do If You’re a Victim

If you suspect you’ve fallen victim to a QR code scam:

• Contact Your Bank: Notify your financial institution immediately to stop unauthorized transactions.
• File a Report: Report the incident to your local law enforcement and fraud monitoring agencies.
• Monitor Your Accounts: Keep a close eye on your bank and credit card statements for any unauthorized charges.

Check out this video from againstkeepnetlabs to see how you can protect yourself from QR code phishing attacks with our QR Code Phishing Simulation software by watching the video below.Check out this video from againstkeepnetlabs to see how you can protect yourself from QR code phishing attacks with our QR Code Phishing Simulation software by watching the video below.Check out this video from Keepnet Labs LTD to see how you can protect yourself from QR code phishing attacks

When in Doubt

If you suspect a QR code might be fake, don’t scan it. Always double-check with the source—whether it’s a restaurant, business, or individual to confirm its legitimacy. Staying vigilant can save you from potential financial or data theft.

Scammers thrive on the goodwill and urgency that disasters evoke. By staying vigilant and informed, you can protect yourself and your community from falling prey to these deceptive tactics. Always take the time to verify the authenticity of donation requests, and remember—when in doubt, donate directly through well-established and trusted organizations.

Your generosity can make a difference, but it’s essential to ensure that your contributions reach the people who truly need them.

* You may refer to similar blogs for inspiration or additional insights about QR codes.

• QR-code scanning on smartphones in 2019 and 2020, along with forecasts through 2025
• Qr code payments in Japan statistics and facts.

* Some information in this blog is sourced from the Los Angeles Times, BBC, NBC Los Angeles, Internet Crime Complaint Center (IC3), and the Keepnet Labs LTD.