Technical Fraud
QR Code Scams (Quishing)
Scammers replace legitimate QR codes with malicious ones that lead to phishing websites or malware downloads.
How It Works
- You encounter a QR code in a public place, like on a parking meter, restaurant menu, or promotional flyer.
- A scammer may have placed a sticker with their malicious QR code over the real one.
- When you scan the code, you are taken to a website controlled by the scammer.
- This website might be a convincing fake login page designed to steal your credentials, or it might prompt you to download a malicious app.
Red Flags
- A QR code on a sticker that appears to be placed over another one.
- Scanning the code leads to a website with a strange or non-secure (HTTP) URL.
- The resulting website immediately asks for login credentials or personal information without context.
- You are prompted to download software after scanning a code for a simple task like viewing a menu.
Prevention Tips
- Be cautious of QR codes in public places. Check for signs of tampering.
- Use a QR scanner app that lets you preview the URL before opening it in a browser.
- Never enter login details or financial information on a site you accessed via a public QR code.
- If you scan a code for payment (e.g., parking), double-check that the URL and payment portal are legitimate.
Example Scenario
"You scan a QR code on a parking meter to pay for your spot. It takes you to a website that looks like the city's payment portal, but the URL is slightly off. You enter your credit card details, which are stolen by the scammers."