The rising trend of QR code scams

In the digital age, convenience often comes at a price, and the price, in this case, might be your security.


QR code scams have surged across the UK, exploiting the ubiquitous use of QR codes for everything from online menus to payment systems. The simplicity of creating one of these codes has made it a favourite tool among scammers, making it increasingly difficult for the average person to differentiate between legitimate and fraudulent codes. Our aim is to arm you with the necessary knowledge to navigate this threat, ensuring you can recognise, avoid, and take action against QR code scams.

How do they work?

Creating a fake QR code is disturbingly simple, requiring nothing more than a few clicks on a website. These counterfeit codes are then strategically placed to lure unsuspecting victims into a trap. Once scanned, the code directs you to a deceptive site, skilfully designed to mimic legitimate services.

The danger lies in how authentic these sites appear: they are convincing enough to trick users into entering sensitive information like credit card numbers, login credentials, or personal identification details. This information becomes the key for scammers to unlock your financial resources or to perpetrate identity theft. Beyond phishing, these QR codes can serve as a conduit for malware, silently infiltrating your device to steal data, monitor your activities, or embed further malicious software.

Types of QR code scams

Car park QR code scam

One of the more insidious forms of this scam occurs in car parks. Fraudsters replace legitimate QR codes with their own, directing drivers to counterfeit payment pages. Unsuspecting victims think they’re paying for their parking, but instead, their financial details are harvested for nefarious purposes.

Restaurants and cafes

Dining out can also expose you to QR code scams. Fake codes might be placed on tables or within menus, diverting patrons to fraudulent sites under the guise of viewing the menu or settling the bill, only to compromise their payment information.


Postal mail

Postal mail isn’t safe either. Scammers embed QR codes in letters or packages, claiming to be from reputable organisations. Once scanned, these codes lead to phishing websites designed to extract personal information or financial details.

Social media and apps

Social media platforms and apps are fertile ground for QR code scams, with fraudsters posting enticing deals or engaging content that leads to malicious sites. The viral nature of these platforms can amplify the reach of such scams, ensnaring more victims at an alarming rate.

How to avoid QR code scams

The stealthy nature of these scams makes them particularly challenging to spot. However, vigilance and scepticism are your best defences. Always scrutinise the source of a QR code, especially if it appears in an unsolicited email, a public place, or on social media. Before entering any sensitive information, verify the site’s legitimacy by checking for a secure connection (HTTPS) and familiarising yourself with the site’s look and feel. When in doubt, avoid scanning QR codes altogether or verify the associated URL by other means.

What to do if you do enter your details

Discovering you’ve inadvertently provided personal information via a QR code scam can be alarming. However, taking swift and decisive action can help mitigate the potential damage. Here’s what you should do, broken down into actionable steps:

1. Change your passwords immediately

  • For compromised accounts: Change the passwords of any accounts that may have been compromised as soon as possible. Use strong, unique passwords for each account to enhance security.
  • For uncompromised accounts: Consider changing these passwords as well, especially if you use the same or similar passwords across multiple sites.

2. Alert your financial institutions

  • Contact your bank: Inform your bank or credit card provider about the potential fraud. They can monitor your accounts for suspicious activities and take steps like issuing new cards or temporarily freezing your accounts to prevent unauthorised transactions.
  • Review your statements: Keep an eye on your bank and credit card statements for any transactions you don’t recognise. Promptly report any discrepancies to your financial institution.

3. Report the scam

  • National fraud & cyber crime reporting: In the UK, you should report the scam to Action Fraud. Reporting helps the authorities to take action against the scammers and can also help warn others about the scam.
  • Online platforms: If you encountered the scam on social media or through an app, report the incident on the platform. This can help prevent others from falling for the same scam.

4. Educate yourself and others

  • Stay informed: Keep up to date with the latest security threats and tips for protection.
  • Spread awareness: Share your experience with friends and family. Educating others can help prevent them from becoming victims of similar scams.

5. Seek professional help if necessary

  • Consider professional support: If you feel overwhelmed or unsure about how to deal with the aftermath of a scam, consider seeking help from a professional cybersecurity service. They can provide assistance in securing your accounts and protecting your identity.

6. Secure your devices

  • Run antivirus scans: If you suspect malware may have been installed on your device, run a comprehensive antivirus scan. Use reputable antivirus software to detect and remove any threats.
  • Update your security software: Ensure that all your security software is up to date. Regular updates provide protection against the latest threats.

The risks for businesses

QR code scams not only pose a threat to individuals but can also have significant repercussions for businesses. The versatility and efficiency of QR codes have led many companies to integrate them into their operations, from marketing campaigns to payment systems. However, this convenience also opens up new avenues for cybercriminals to exploit, potentially leading to financial losses, reputational damage, and compromised customer trust. Here are the steps companies can take to mitigate these risks:

Educate employees and customers

Regular cyber security training sessions on recognising and avoiding QR code scams can significantly reduce risk. Informing customers about safe practices through official channels can also help.

Secure QR code practices

Implement security measures such as QR code verification systems to ensure that the codes used in business operations are secure and legitimate.
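
One way such a verification check could work, and the same URL check recommended under "How to avoid QR code scams", is shown here as an added example that is not from the original article. It goes beyond looking for HTTPS by comparing the decoded link's host against the hosts the business actually publishes; the host names, locations and sample payloads are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the hosts this business really publishes in its QR codes (constructed).
ALLOWED_HOSTS = {"pay.example-parking.co.uk", "menu.example-cafe.co.uk"}

def check_qr_url(payload, allowed_hosts=ALLOWED_HOSTS):
    """Return the reasons a decoded QR payload should not be trusted ([] = passes)."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ["not a parseable URL"]
    findings = []
    if parts.scheme.lower() != "https":
        findings.append("scheme is not https")
    if parts.username is not None or parts.password is not None:
        findings.append("URL contains userinfo before '@'")
    if not host:
        return findings + ["no host"]
    try:
        ipaddress.ip_address(host)
        findings.append("host is a raw IP address")
    except ValueError:
        pass  # a DNS name, which is what we expect
    if not host.isascii() or any(lab.startswith("xn--") for lab in host.split(".")):
        findings.append("host uses non-ASCII or punycode labels")
    if host not in allowed_hosts:
        findings.append("host is not on the published allowlist")
        if any(name in host for name in allowed_hosts):
            findings.append("host embeds an allowed name inside another domain")
    return findings

# Constructed sample: payloads decoded from signage during a routine inspection.
SCANS = {
    "car park, bay sign 12": "https://pay.example-parking.co.uk/session?bay=12",
    "car park, pay machine": "https://pay.example-parking.co.uk.secure-pay.example/checkout",
    "cafe, table 4": "http://menu.example-cafe.co.uk/",
    "cafe, table 7": "https://menu.example-cafe.co.uk@203.0.113.7/bill",
}

def audit(scans=SCANS):
    """Map each location whose code fails the checks to its findings."""
    results = {where: check_qr_url(url) for where, url in scans.items()}
    return {where: f for where, f in results.items() if f}

if __name__ == "__main__":
    for where, findings in audit().items():
        print(f"{where}: {'; '.join(findings)}")
```

Any location the audit reports should have its printed code physically inspected for an overlaid sticker and replaced.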

Monitor and respond quickly

Establish protocols for monitoring QR code usage and responding quickly to any incidents of fraud. Swift action can minimise damage and reassure customers.

Collaborate with security experts

Partner with cybersecurity firms to strengthen defences against QR code scams and other digital threats. These experts can provide valuable insights and solutions tailored to your business’s needs.

Transparency with customers

If an incident occurs, being transparent with customers about the situation and the steps taken to resolve it can help maintain trust and loyalty.

As QR codes become more integrated into our daily lives, the potential for scams increases. But with the right knowledge and precautions, you can enjoy the convenience of QR codes without falling victim to these digital pitfalls. Stay informed, remain cautious, and never hesitate to reach out to Cyber Security Awareness for guidance and support in protecting yourself against QR code scams and other cyber threats. Together, we can create a safer digital environment for businesses and individuals alike.
