At BeScamAware, we are dedicated to empowering individuals and communities to fight scams and fraud. Through education, awareness, and collaboration, we aim to create a safer world where everyone can confidently navigate the challenges of a rapidly changing digital and physical landscape. Together, we can outsmart the fraudsters, protect one another, and build a future free from deception. Let’s take a stand—because knowledge is power, and prevention is the best defence.

Get In Touch

Email

info@bescamaware.org

The QR Code Scam (Quishing)

BeScamAware > Scam of the month > The QR Code Scam (Quishing)

The QR Code Scam (Quishing)

QR codes have become part of everyday life.

A few years ago, most people rarely encountered them. Today, they’re everywhere. We scan them to pay for parking, order food in restaurants, access event information, download apps and visit websites. They’re quick, convenient and, for most of us, completely routine.

That’s exactly why scammers have started using them.

As summer arrives and people spend more time travelling, attending festivals, eating out and exploring new places, QR code scams become increasingly effective. Security experts often refer to these scams as “quishing”, a combination of QR code and phishing, but the principle is surprisingly simple.

Instead of sending you a suspicious email link, scammers encourage you to scan a QR code.

The result is often the same.

You end up on a fake website designed to steal personal information, payment details or login credentials.

The challenge is that QR codes feel trustworthy. Unlike a suspicious email or text message, a QR code doesn’t immediately trigger alarm bells. It’s just a square pattern on a poster, a table, a parking machine or a leaflet. Most people scan first and think later.

That’s what scammers are counting on.

Imagine arriving in an unfamiliar town and parking your car. You walk over to the payment machine and see a QR code offering a quick and easy way to pay. It seems perfectly normal. You scan it, enter your card details and carry on with your day.

What you may not realise is that the original QR code has been covered with a fake sticker. The payment page looks convincing, but the money isn’t going to the car park operator. It’s going to a scammer.

The same thing can happen at restaurants, festivals, train stations and tourist attractions. In some cases, the QR code itself isn’t fake, but it directs users to a cloned website that closely resembles a legitimate business. The branding looks right, the layout looks professional and the process feels familiar.

By the time something feels wrong, the information has already been handed over.

What makes these scams particularly effective is that they exploit convenience. QR codes were designed to remove steps and make life easier. Instead of typing a web address, you simply scan and continue. Instead of searching for a website, you arrive there instantly.

Convenience is useful, but it can also encourage people to skip the checks they would normally make.

Scammers understand this. They know that people are often distracted when they scan QR codes. Perhaps they’re trying to catch a train, pay for parking before a meeting or quickly order food while talking to friends. These are moments when attention is divided and decisions are made quickly.

The scam doesn’t need to be sophisticated. It simply needs to appear at the right moment.

Another reason QR code scams work so well is that most people never see the destination before they arrive. When you click a link in an email, you might hover over it or inspect the address. With a QR code, the process feels more automatic. Many people scan without checking where the code is taking them.

That blind trust is exactly what criminals are exploiting.

The good news is that avoiding these scams doesn’t require technical expertise. It simply requires a brief pause.

If a QR code appears in an unexpected place, looks like it has been stuck over another code or immediately asks for payment information, it’s worth taking a closer look. After scanning, check the website address before entering any details. If something feels unusual, stop and verify it through official channels.

Most importantly, remember that a QR code is simply another way of opening a web link. The same caution you would apply to an email link should apply to a QR code.

Protect yourself with Stop · Check · Ask · Monitor (SCAM)

STOP

Pause before scanning or entering information. Convenience should never replace caution.

CHECK

After scanning, take a moment to check the website address carefully. Make sure it matches the organisation or service you expect to be dealing with.

ASK

Ask yourself whether the request makes sense. If you’re unsure, speak to a member of staff or visit the organisation’s official website directly.

MONITOR

If you’ve entered personal or financial information, keep an eye on your accounts and transactions. The sooner suspicious activity is spotted, the easier it is to deal with.

A final reminder this June

Scammers don’t always need to send a suspicious email or text message.

Sometimes, all they need is a small black-and-white square in exactly the right place.

Before you scan, take a moment to stop, check, ask and monitor.

BeScamAware – Stay alert, stay safe.
Stop · Check · Ask · Monitor

Do you have a Scam Story To Tell?

Get in touch with us today and help provide valuable information in the fight against the scammers.
By sharing our stories we can all learn how to spot the signs of scams and build a stronger community.

Share your experience

Important Links

Newsletter

Your e-mail address is only used to send you our newsletter and information about the activities of BeScamAware. You can always use the unsubscribe link included in the newsletter.

Menu
Copyright © 2026

Disclaimer: The information provided on this website is for general informational purposes only and does not constitute legal, financial, or professional advice. While every effort has been made to ensure the accuracy of the content, AI-generated images and materials have been utilized to enhance the user experience. As a result, some inaccuracies or errors may be present. Users are advised to independently verify all information before relying upon it. The website owner assumes no liability for any errors, omissions, or consequences arising from the use of this content.