2check.click

4 min read Last updated: June 2026

QR Code Scams Explained

Learn how QR code scams work, why quishing is growing, common examples, warning signs, and how to protect yourself.

QR code scams, also known as quishing attacks, use QR codes to send victims to fraudulent websites. The scam may appear in an email, a printed poster, a parking meter, a restaurant table, a package notice, or a payment request.

Because QR codes hide the destination, victims often scan them without realizing they are being redirected to a phishing page.

What Is a QR Code Scam

A QR code scam is any fraud that uses a QR code as the delivery method. The QR code may open a fake website, redirect through multiple domains, request payment, or ask the user to log in.

The scam works because people trust QR codes as convenient shortcuts — see Are QR Codes Safe? for a closer look at why that trust can be misplaced.

Common QR Code Scam Examples

Fake Parking Payment QR Codes

Scammers place fake QR stickers on parking meters. The victim scans the code and pays through a fake website. The attacker collects card details or payment information.

Fake Delivery Notices

A message claims that a package is delayed and includes a QR code for tracking or address confirmation. The QR code leads to a fake courier website.

Fake Bank Verification

The user receives a QR code claiming that bank account verification is required. The destination page collects login credentials or one-time codes.

Fake Restaurant Menus

In some cases, QR codes on tables may be replaced or tampered with. The victim scans a code and lands on a fake menu or payment site.

Crypto Wallet Scams

QR codes are commonly used in crypto transactions. A scam QR code may send funds to the attacker’s wallet instead of the intended recipient. For more on how attackers tamper with printed and digital codes, see Fake QR Code Scams.

Why QR Code Scams Are Effective

  • The destination is hidden until scanned.
  • People scan QR codes quickly on mobile devices.
  • QR codes can bypass some email filters.
  • Printed QR codes can be physically replaced.
  • Users may not inspect the domain before opening the link.

Warning Signs of a QR Scam

  • The QR code appears in an urgent message.
  • The page asks for passwords or card details.
  • The destination domain looks unrelated to the claimed company.
  • The QR code uses a shortened link.
  • The printed QR code looks like a sticker placed over another code.

How to Protect Yourself

Before opening a QR code, preview the destination. If the destination is hidden, shortened, or unrelated to the claimed brand, do not continue.

Use a QR safety checker when the code comes from an email, SMS, public place, or unknown sender. 2check.click can decode QR codes and analyze the destination for phishing indicators.

What to Do If You Scanned a Suspicious QR Code

  • Close the page if it looks suspicious.
  • Do not enter passwords, card details, or verification codes.
  • Change your password if you logged in.
  • Contact your bank if you entered payment details.
  • Report public QR tampering to the organization responsible for the location.

If you already entered sensitive information, follow the steps in I Clicked a Phishing Link, What Now?

FAQ

What is quishing?

Quishing is phishing that uses QR codes instead of regular links.

Can a QR code redirect to a fake website?

Yes. Many QR scams use redirects to hide the final destination.

How can I check a QR code safely?

Use a tool that decodes the QR code and shows the destination before opening it.

Final Thoughts

QR code scams are growing because they are simple and effective. Treat unknown QR codes like unknown links. Check the destination before opening, especially when money, passwords, or personal data are involved.

Popular Guides

Received a suspicious link?

Analyze it now →

Related Articles