Your browser is unsupported

We recommend using the latest version of IE11, Edge, Chrome, Firefox or Safari.

Scan with Caution: Protecting Yourself from QR Code Scams and Cyber Threats

Posted on October 29, 2025
Illustration of person on bike looking at their smartphone. Large smartphone displaying QR code.

QR codes have become a familiar presence in our daily lives at home and in the office.  They make accessing websites, making payments, and sharing data convenient. Unfortunately, QR codes also present some security risks. Hackers exploit QR codes to conduct malicious activities and compromise personal and business data and systems.

 

Security Risk

QR Phishing Attacks (Quishing)

  • Cybercriminals can create fake QR codes that redirect users to malicious websites designed to steal sensitive information such as login credentials or credit card details.
  • These fake codes may be placed over legitimate ones or in strategic locations like parking meters, restaurant menus, or public signs.
  • QR codes can also lead to fraudulent payment portals, compromising your financial account and resulting in monetary loss.
  • Attackers may divert legitimate payments to their own accounts, making these scams both deceptive and financially damaging.

Malware

  • Scanning a malicious QR code can trigger malware downloads, which could in turn lead to data theft, unauthorized access, or device compromise
  • Some malware can silently monitor your activities and send that data to attackers, which could include passwords, credit card information, messages, and even your photos.
  • Ransomware can be used to hold your data hostage or lock your device until a ransom is paid.

Data Collection

  • Malicious QR codes can collect personal data and send it to the attacker, such as:
  • Location, device information, or browsing history

Session Hijacking (QRLjacking)

  • QR code-based login systems that have vulnerabilities can allow attackers to hijack user sessions and gain unauthorized access to accounts
  • Attackers can intercept private messages by compromising encrypted messaging apps

Device Configuration Manipulation

  • Malicious QR codes can be used to change your device settings without your knowledge, such as
  • adding contacts for future social engineering attacks
  • connecting you to malicious Wi-Fi networks, or configuring VPNs to intercept your data

Best Practices

  • Type webpage addresses yourself, rather than scan a QR code
  • Ask for alternatives to use a QR code, such as a paper menu, or another method of payment
  • Only scan QR codes from trusted sources
  • Be careful of QR codes that are on stickers instead of being printed directly on the document
  • Use a legitimate scanning app that shows you the URL that the QR code will direct you to, and make sure it is expected before going to the site
  • Many phones have a scanner built into the camera that will show you the URL
  • Install and update security software on your device
  • Avoid downloading or installing applications prompted by QR codes

 

Understanding the risks of QR codes and what to look for will help you protect yourself in your private and work life.

Modified on October 29, 2025