Since the COVID-19 pandemic, QR codes have surged in popularity and are now part of our everyday lives. They can be found everywhere, both online and out in public. From ordering food at a venue to paying bills or setting up two-factor authentication, QR codes provide a convenient and efficient way to complete tasks.

Many people don’t think twice before scanning a QR code, not realising that they can actually pose a major cyber security risk. QR code phishing is a cyber scam on the rise, so we’ve summarised everything you need to know to stay safe.

The Dangers of QR Codes

Anyone can create a fully customisable QR code online using a free website. This has created major opportunities for hackers to use fake QR codes to lead people to malicious sites, steal confidential information, or even download malware onto their device.

These fraudulent QR codes can be found both online and offline. They’re often placed in high-traffic spaces such as on public notice boards or at busy car parks. Scammers will even replace authentic QR codes such as those found within businesses, on tables at a venue, or at government service points.

Online, QR codes are sent in phishing emails, often posing as a trusted source (such as Microsoft), to trick unsuspecting users into scanning them. They can also be found on malicious websites or deceitful social media pages or posts.

More businesses are choosing to adopt QR codes to engage with their customers, but as their use continues to grow so does the frequency of QR phishing scams. This means we can expect to see more of these scams appearing in the future.

How to Protect Against QR Code Phishing Scams

Awareness is key when it comes to protecting yourself against QR code phishing scams. If you know how to identify a fake or malicious QR code, then you can avoid falling victim.

Here are our top tips to stay safe against this threat:

Verify the QR code
You should only scan QR codes located in prominent positions in a business as these are more likely to be legitimate. If you’re unsure, ask a staff member.

Avoid scanning QR codes in public places
These come with a greater risk, so ask yourself if scanning the QR code is really necessary. If the answer is no, the safest option is to not scan the code.

Look for signs of tampering
If a physical QR code appears to be tampered with or altered in any way, don’t scan it. This could include a QR code stuck down over another, or a QR code that looks different when compared to others used by the business.

Be wary of QR codes asking for personal information
Never provide information such as your date of birth, login credentials or credit card numbers unless you can verify the QR code is legitimate.

Check for signs of phishing
If you receive an email you’re not sure about, check for other signs of phishing. This could include poor grammar, spelling errors, a sense of urgency or an unusual ‘from’ address. For even more tips on how to identify a phishing email, visit our blog post here.

Treat the QR code like any other link
Pause and consider if you really trust the sender or need that embedded information. Your gut instincts matter: if the QR code seems sketchy, do not scan it.

Keep your device updated
You should also keep your device up to date. Having the latest software versions will help protect your device against any vulnerabilities.

Use multi-factor authentication
Enabling multi-factor authentication will add an extra layer of security to your accounts and help keep you protected against threats such as QR code phishing scams.

If in doubt, contact Ever Nimble on +61 8 6381 6900 or email us via so our friendly team of experts can help. If you do identify a QR phishing scam, you should report it to the Australian Competition and Consumer Commission’s ScamWatch.

How Ever Nimble Can Help

With 90% of successful cyber-attacks made possible due to human error, education and awareness are critical to protect against cyber threats such as QR code phishing scams. At Ever Nimble, our CAT (Cyber Awareness Training) platform delivers just that. Our CAT platform provides essential cybersecurity training through video lessons, phishing simulations and more. In addition to this, the CAT platform provides extensive cyber security risk reporting, dark-web scanning, and policy toolkits.

Ready to access expert cybersecurity support and level up your cyber protection? Contact us on +61 8 6381 6900 or get in touch with us here.
