Don't Get Scammed by Fake QR Codes! Here's How to Spot Them

Don't Get Scammed by Fake QR Codes! Here's How to Spot Them

“I wouldn’t use the term ‘fake QR codes,’ but maybe use the term ‘fraudulent QR codes,' the distinction being that a QR code can be real — it’s functional and will take the user to a website when scanned — but it may be designed to take the user to a fraudulent website that is posing as a legitimate site,” explained Zack Morrison, chief technology officer and cofounder of Brij, a platform that connects physical products and digital experiences through QR codes.

When the coronavirus pandemic hit, Quick Response (QR) codes became a popular means for governments and businesses to obtain relevant information from the public who require their services or goods. It's been a quicker and safer means since there is no need for any physical contact and writing with a pen. The code just needs to be scanned, and the user is taken to a site where he provides information needed for his request or order to be processed.

 width= Photo: YouTube/How It Happened

QR codes have also been helpful in the massive efforts of government and health authorities to control the spread of COVID-19. For many countries, contact-tracing and community-based restrictions became easier with the use of these barcodes. All these advantages have made us feel that QR codes are totally safe and dependable.

However, experts warn that this is not true.

Criminals have been creating QR codes that would lead innocent people to fraudulent websites. These fraudulent sites have been designed to obtain data from their victims that would enable these unscrupulous characters to steal credit card information, financial records, and log-in credentials.

Moreover, according to Kaspersky, "Because humans cannot read QR codes, it is easy for attackers to alter a QR code to point to an alternative resource without being detected. While many people are aware that QR codes can open a URL, they can be less aware of the other actions that QR codes can initiate on a user’s device. Aside from opening a website, these actions can include adding contacts or composing emails . . . Some websites do drive-by downloads, so simply visiting the site can initiate a malicious software download."

 width= Photo: YouTube/How It Happened

If humans cannot spot a so-called fake QR code, how can we prevent ourselves from getting scammed?

With a good dose of skepticism and caution, experts say we can still outsmart criminals, as published in Reader's Digest Asia:

  • According to Eric Florence, a cybersecurity analyst with SecurityTech, “A legit QR code is never going to take you to a page that tries to scare you into inputting your personal information. If there are any fear tactics or time constraints, it’s a scam.”
  •  width= Photo: YouTube/How It Happened
  • Beware of a QR code on a flyer. Craig Lurey, chief technology officer and cofounder of Keeper Security, advises people to refrain from scanning QR codes that don't blend with the background. Also, QR codes on stickers should be avoided since criminals could easily place a sticker next to a flyer of a legitimate business.
  • Take time to verify from an employee if a QR code in their store or restaurant is their real one before you scan. Someone might have replaced it without their knowing.
  • Another way to make sure that a QR code is safe is to look at the URL of the website where it will direct you. Check if it's the company's URL or some strange website's. If it's unfamiliar, it's best not to scan the QR code.
  •  width= Photo: YouTube/How It Happened
  • But what if you have already scanned the QR code? Kristen Bolig, CEO of home security company SecurityNerd, shares these wise words, “Once you’ve scanned a QR code, look at the URL of the website to ensure that it is legit. For example, it should start with ‘https://’ and not ‘http://.'" If you find yourself in a strange site, leave it quickly. You must also not download QR code scanning apps since these often carry malware. If you can invest in a security app, it can provide you with better protection from scammers and data-gathering sites in league with marketers.

Experts also advise that it's best to use two-factor authentication that can give criminals a hard time to access our online accounts.

https://www.youtube.com/watch?v=k09ip9Z6TCk

Doris de Luna

For more than 20 years now, I’ve been devoting my heart, energy, and time to fulfilling my dream, which – many people may agree – is not among the easiest aspirations in life. Part of my happiness is having been able to lend a hand to many individuals, companies, and even governments as an investigative journalist, creative writer, TV director, and radio broadcaster.


At home, I spend my free time learning how to cook various cuisines. Tiramisu, chocolate mousse, and banoffee pie are my favorite desserts. Playing with our dogs, Mushu and Jerusalem, is also a special part of my day. And, of course, I read a lot – almost anything under the sun. But what really makes me feel alive is meeting people from various walks of life and writing about their stories, which echo with the tears and triumph of an unyielding spirit, humanity, and wisdom.

Back to blog