Smart scanning: a consumer’s guide to QR code safety

Want to order carry-out? Scan the QR code. Need to RSVP to that upcoming event? Use the QR code. Looking to brighten someone’s day? Scan the QR code to send a message. Today, a quick response code, also known as a QR code, can be used for nearly anything across various industries.
QR codes are so useful that, in 2025, QR code usage is predicted to jump worldwide. But with this growing technology comes a higher risk for scams and the resulting cybercrime impacts. How can you avoid such scams? The following will help you understand this threat and teach you how to scan safely.
QR codes vs barcodes
The QR code was invented as a solution to the limitation of the barcode. Barcodes are one-dimensional, which limits how much information they can hold, and you must have a special barcode scanner to use one. Barcodes are primarily used for inventory tracking, product identification and point-of-sale transactions.
By comparison, QR codes can be used by anyone with a smartphone, and because they are two-dimensional, they have a much higher storage capacity than a barcode. They can be used in nearly any industry and are affordable to create using free and inexpensive QR code builders, allowing anyone to create a QR code.
Are QR codes safe?
Since anyone can create a QR code, they have grown in popularity and are widely used everywhere. But as they have grown in popularity, so have the risks. Scammers have developed ways to steal and manipulate data through QR codes, preying on consumers’ trust in the source of the QR code.
What are QR code scams?
There are two types of QR code scams: embedding of malicious URLs and phishing expeditions. These two types come in several different forms. Take a look.
The purpose of a QR code is to save you time. Scammers rely on you looking for convenience and being rushed, prompting you to scan quickly without investigating the link. Both types of scams work when the link to a QR code takes you to a malicious URL or a website.
Malicious URL embedding
In this situation, scammers will replace a legitimate QR code with a link to a QR code of malicious intent to steal sensitive information or install harmful malware that will then steal information. These scams happen when QR codes are in public places, making it easy for scammers to generate QR codes and replace the original code with a false code. Examples of this type of scam include:
- Parking meter QR code scam: This occurs when scammers replace the legitimate QR codes on parking meters with counterfeit codes. The idea is to get you to scan and pay for your parking when, in reality, your money is getting stolen.
- Restaurant QR code scam: Many restaurants today have adopted QR codes for table use. These codes take you to a menu online in place of a physical menu. When scammers cover these codes with their own generated codes, the intent is to steal your personal information or install a harmful virus on your device.
Phishing expeditions
Here, scammers impersonate a trusted business to attempt to steal your information or install harmful malware. These scams come in the form of emails, text messages or other sources that look like they’re from a familiar brand, leading you to trust the source and QR code. Examples of phishing scams include:
- UPS delivery QR code scam: A text message with a QR code claiming that you have a package that was unable to be delivered, and you must use the QR code to reschedule delivery.
- Unexpected package scam: The newest scam, as reported by the Better Business Bureau, is where you do get a package delivered. But it’s a package that you didn’t order. There will be a QR code on the package for you to scan, allowing you to see who sent it and how to return it. Instead of getting the information you seek, you open yourself up to malware by scanning.
- Government or utility company scam: This is an email or text message that appears to be from the IRS or a utility company saying that you have an outstanding bill. You must scan the QR code to complete the payment. This is a ploy to get your personal information and money.
QR code red flags
Knowing what scams to look for is half the battle. Since new scams seem to come out overnight, knowing some basic QR code red flags can help you assess the safety of scanning. Red flags include:
- Stickers of QR codes placed over existing signage
- Poor print quality and typos on the signage or the link
- A URL preview that doesn’t match the company website
- Promises of something that seems too good to be true
- Unsolicited QR codes through text and email messages
- QR codes with no context
- Pressure to scan and act quickly
- Requests for you to enter sensitive information
In general, if something seems off, even if you can’t pinpoint what, don’t scan. Spend a few minutes investigating. It doesn’t hurt to be overly cautious and follow your gut.
Tips to scan with care
It’s OK to go ahead and scan. The point is to do so safely without being overly paranoid. Safe scanning means that you take measures to protect yourself and your accounts before scanning to avoid phishing attacks. Safety tips include:
- Use strong password protection on all of your online accounts.
- Don’t just open the URL once scanned.
- Update your phone’s software regularly, as new security bugs are often addressed and fixed in updates.
- Use a trusted QR scanner app or the one built into your phone.
What to do if you think you’ve encountered a scam
Unfortunately, it happens. We’ve all been guilty. You point and click without thinking, and bam, you’re on a URL that seems off. If you believe you scanned a QR code that is a scam, there are steps you can take to protect yourself.
First, don’t panic. Simply close out of the URL without entering any personal information. Next, you can install and run a trusted security app. If it does detect an issue, the app will walk you through how to delete the threat.
If the security app doesn’t turn up anything, but you’re still worried, pay attention to things like changes in your phone’s battery life, unfamiliar apps and ads popping up. Anything that seems out of place should be investigated.
Finally, if you have scanned a QR code scam, you can report it in multiple places:
- Business or organization that the scam posed as
- Federal Trade Commission (FTC)
- Your state Attorney General
- FBI Internet Crime Complaint Center (IC3)
- United States Postal Inspection Service
- Your bank
Using QR codes safely
QR codes are here to stay. They boast a wide range of uses, far outperform barcodes, are easy for consumers to use and are affordable for businesses to generate. They’ve earned their spot in the world, and you don’t need to fear them.
By slowing down, watching for the above red flags and being smart about how to scan a QR code, you can easily avoid falling prey to a QR code scam.