1
Infosecurity Magazine. (2023). QR codes used in 22% of phishing attacks.
QR codes have become a convenient tool for everything from paying for goods online to registering for services or viewing menus at restaurants. Their ease of use has made them increasingly popular, but scammers have also taken notice.
This article includes tips, suggestions, and general information. We recommend that you always do your own research and consider getting independent tax, financial, and legal advice before making any important decision.
One study across 125 countries found that 22% of all phishing scams used QR codes to make victims download or access malware. Worse, only 36% of those surveyed knew how to identify and report QR scams.1
Fraudsters create fake QR codes that, when scanned, can lead to payments being sent directly to criminals or even trigger the download of harmful viruses onto devices.
This article explores what QR code scams are, how to avoid falling victim to them, and the best practices for using QR codes safely.
Fake QR code scams involve the creation and use of counterfeit QR codes by fraudsters to deceive unsuspecting victims. These malicious QR codes are designed to lead users to fraudulent websites where harmful software or malware is secretly installed on their devices. Once infected, the malware can steal sensitive personal information, such as passwords, banking details, and other confidential data.
Scammers often place these fake QR codes in locations where people expect to find legitimate codes, such as in emails, on posters, or on parking meters.
"Quishing" is a type of QR code scam delivered via email, combining the terms "QR" and "phishing." In a typical quishing scam, the email appears to be from a legitimate source, such as a well-known company, a bank, or even a trusted contact. The email will contain a QR code and prompt the recipient to scan it for a seemingly beneficial action, such as claiming a refund, accessing a discount, or verifying an account.2
These emails are often crafted to look convincing, complete with company logos and professional language, making it difficult for recipients to detect the scam.
PayPal's phishing protection page provides more information about how to stay safe from phishing scams.
Fake QR code ticket scams are particularly common for events like concerts, festivals, and sports games. Scammers create counterfeit tickets with fake QR codes that appear legitimate. These fake tickets are often sold at discounted prices through unofficial channels, such as resale websites or social media.
When the buyer attempts to use the ticket, the QR code fails to scan, leaving them unable to access the event and having lost their money. This type of scam also results in disappointment, especially for high-demand events where genuine tickets are hard to come by.
Fake QR code coupon scams lure victims by offering attractive discounts or special offers. These scams typically involve counterfeit QR codes embedded in coupons, either online or in print, that lead users to fraudulent websites. Users scan the QR code, believing they are accessing a legitimate offer.
These scams prey on the desire for savings, making it crucial to verify the authenticity of any coupon before scanning the QR code.
Fake QR code text scams, also known as SMS phishing or "smishing," involve sending malicious links or QR codes via text message. These messages often promise prizes, rewards, or urgent actions that require immediate attention, such as confirming a delivery or claiming a prize.
To stay safe, it’s important to only scan QR codes from trusted sources, such as reputable businesses, verified marketing materials, or official websites. Take a moment before scanning to assess whether a QR code seems out of place or suspicious, and to avoid codes from unsolicited emails, text messages, or unfamiliar locations.
The PayPal Security Centre offers more tips on safeguarding finances from fraud.
PayPal QR codes offer a secure way to make payments, backed by robust security features designed to protect users from fraud. These QR codes are generated and verified by PayPal.
When paying with PayPal QR codes, users benefit from encrypted transactions, which help prevent unauthorized access to financial information. Additionally, PayPal's buyer protection policies extend to transactions made via QR codes, offering peace of mind when shopping online or in person.
If you accept cookies, we'll use them to improve and customise your experience and enable our partners to show you personalised PayPal ads when you visit other sites. Manage cookies and learn more