QR Code Scams
Stickered-over parking meters, fake menus, and SMS QR codes that open phishing sites.
What is this scam?
QR code scams (“quishing”) trick you into scanning codes that open phishing websites or initiate malicious app actions.
Physical stickers on parking machines and restaurant tables are increasingly common.
How it works
- A sticker QR code is placed over a legitimate payment code.
- Scanning opens a payment page that sends money to criminals.
- Email or poster QR codes promise discounts or prizes.
- Some codes try to open app deep links with prefilled payment requests.
Warning signs
- Sticker edges, peeling, or codes placed on top of another label
- QR on unsolicited mail promising refunds
- Payment page domain unlike the city parking or restaurant brand
- Requests for card details for services usually paid in cash or official apps
- No HTTPS or strange certificate warnings after scan
What to do
- Use official parking apps or typed URLs instead of unknown stickers.
- Report tampered public QR codes to the venue or municipality.
- Contact your bank if you paid via a fraudulent QR page.
- Prefer showing QR from trusted sources you opened yourself.
- Paste decoded URLs into Fraudly when a scan looks suspicious.
Safety checklist
- Preview the URL before opening when your scanner allows it
- Pay parking through official city or provider apps
- Do not scan QR codes from strangers to “receive a refund”
- Teach children that QR codes are links—not always safe
- Check domains with Fraudly when paying via scanned links
Check a website before you pay
Paste a shop or payment link into Fraudly's free checker—get trust signals before you share card details or log in.
Check a website before you payFrequently asked questions
- Can my phone be hacked just by scanning?
- Usually the risk is the website you open—keep software updated and avoid installing profiles from QR codes.
- How do I check a URL from a QR code?
- Use your scanner’s preview feature, then run the link through Fraudly before paying or logging in.
Related scam guides
Parcel Delivery Scams
SMS or email claiming you owe a delivery fee or must reschedule a parcel.
Read guidePhishing Emails
Fake emails that steal passwords, payment details, or install malware.
Read guideFake Webshops
Copycat stores that take your money and never ship—or steal card details.
Read guideTech Support Scams
Fake Microsoft or Apple alerts demanding remote access or payment to “fix” your device.
Read guide
Fraudly is not a law enforcement agency. We provide informational guidance and links to official reporting organisations.
Related Fraudly resources
- Website scam checkerRun a free URL check for trust signals, scam patterns, and plain-language risk context.
- Scam awareness certificateTest your scam detection skills and earn a shareable Fraudly certificate.
- Download Fraudly appGet the iOS app or Chrome extension for on-the-go website trust checks.
- Fraudly PremiumDeep Scan and Live Protection in Chrome—website scans stay free.
- Scam alertsPublished threat alerts with context on emerging phishing and scam campaigns.
- Intelligence HubEditorial guides on fake webshops, phishing, and warning signs before you pay or log in.
