Why You Should Avoid Scanning An Unknown QR Code

QR (Quick Response) codes are everywhere these days. You'll spot them on restaurant menus, business cards, product packages, and even concert tickets. A big reason they've caught on is convenience. With just a quick scan, you can jump to a website, connect to Wi-Fi, or save contact details. But while QR codes are undeniably useful, you still have to be cautious. Their popularity has made them a new tool for scammers looking for clever ways to fool people.

It's quite easy for anyone to create a QR code that looks completely legitimate. Scammers can swap out real codes in public places with fake ones, send them through email or text, and even slip them into ads. When you scan one of these, it might take you to a fraudulent website or prompt you to install malicious apps on your phone. Take a scam in San Francisco, for instance, where scammers left fake parking tickets on cars. Each ticket had a QR code that led to a site designed to look exactly like the city's official transit page, tricking people into paying a bogus fine. 

Scammers also use QR codes to run cryptocurrency scams. In one case last year, a scammer created a fake YouTube channel and livestreamed a video with a deepfake of Elon Musk. In the video, the fake Musk promised to double any crypto sent to him. Viewers just had to scan the QR code on the screen and transfer their crypto to take part in what was framed as an investment opportunity. 

Scammers also use QR codes in phishing emails, a tactic commonly referred to as "Quishing." These messages are made to look like they're from a trusted company. It usually tries to get you to scan the QR code by claiming there's an issue with your account or that you need to update your password. Once you do, the code directs you to a fake website that asks you to enter your account information or credit card details. QR codes like these can also show up in text messages. 

Another common trick is sending unexpected packages to your address with no clear information about who sent them. Inside, there's usually just a QR code and a note asking you to scan it to claim a mystery gift or return the package. Scanning the code might take you to a phishing site that tries to steal your personal information or get you to download a fake app. 

QR code scams work because they let scammers hide the dangerous links behind what look like harmless QR codes. The truth is, scanning a random QR code isn't much different from clicking an unverified link — you never really know where it's taking you. Fortunately, there're a few things you can do to protect yourself from these scams. 

Before scanning a QR code, make sure you check where it came from. If you got it in an unexpected email or with a package you weren't expecting, it's safer not to scan it. For QR codes you find in public places and restaurants, watch for signs of tampered codes, like one pasted over another one or small errors in the name or logo. 

If you must scan a QR code, make sure to check the link before clicking on it. Both iPhone and Android phones usually show a preview of the URL when you use the built-in camera app, so treat that link like you'd one in an email. Check the hyperlink to see where it leads, and watch out for misspellings or suspicious-looking domains. Some QR codes also use shortened URLs, which can make it harder to tell where you're actually being taken, so always be cautious before tapping through.

If you accidentally land on a sketchy-looking website, avoid entering any personal information. If it asks you to download an app, search for it directly on the Play Store or App Store and get it from there instead. It's also a good idea to stay informed about the latest QR code scams so you can avoid falling for one yourself.