Fake QR Code Scams (Quishing)

• Only scan QR codes from trusted sources or those you expect to encounter in legitimate settings, such as reputable businesses or official marketing materials.>
• Avoid entering sensitive information when prompted by QR codes unless you are confident in the source’s legitimacy. 
• Run your fingernail across the QR code. If there's a detectable edge or thickness, it could be hiding another sticker.
• Lift a corner of the QR code. If it lifts away from the surface, don’t use it.

• If you suspect a fraudulent QR code has led you to a malicious website, disconnect from the internet or turn off your device's Wi-Fi and mobile data to prevent further unauthorized access or malware downloads.
• Install and run reputable antivirus or anti-malware software on your device to detect and remove any potential threats.
• If you entered login credentials or personal information through a fake QR code, immediately change the passwords for the affected accounts and monitor your financial and online accounts for any suspicious activity. Notify your financial institutions promptly of these activities.  See Identity Theft for additional measures. 
• Implement multifactor authentication (MFA) for those accounts.  See  https://www.cisa.gov/MFA for more about MFA.  See Cybercrime Prevention for more about securing your devices. 
• Report the fake QR code to the business establishments where you encountered it and to the organizations it was posing as. 
• You can report internet crimes, including scams, to the FBI’s Internet Crime Complaint Center (IC3) at https://www.ic3.gov/ . This will assist in FBI investigations and help prevent others from falling victim to this scam.

References:

• Antoniuk, D. (2024 October 2). International police dismantle cybercrime group in West Africa. The Record. Retrieved from https://therecord.media/interpol-west-africa-cybercrime-group-cote-divoire. The fraudsters used QR codes to direct victims to malicious websites that mimicked legitimate payment platforms, where they asked their victims to enter personal information such as login details and card numbers.
• Bruneau, G. (2023, December 6). Revealing the Hidden Risks of QR Codes [Guest Diary]. SANS Internet Storm Center. https://isc.sans.edu/diary/Revealing+the+Hidden+Risks+of+QR+Codes+Guest+Diary/30458/.
• Federal Bureau of Investigation. 2025 July 31. Unsolicited Packages Containing QR Codes Used to Initiate Fraud Schemes. Retrieved from https://www.ic3.gov/PSA/2025/PSA250731.
• Hunter, T. (2021, October 7). Are QR codes safe?  Washington Post. Retrieved December 21, 2023, from https://www.washingtonpost.com/technology/2021/10/07/are-qr-codes-safe/.
• Kaspersky. (n.d.). What is a QR code and how to scan it. Retrieved December 21, 2023, from https://usa.kaspersky.com/resource-center/definitions/what-is-a-qr-code-how-to-scan.
• Microsoft. (2023, July 15). Five common QR code scams. Retrieved December 21, 2023, from  https://www.microsoft.com/en-us/microsoft-365-life-hacks/privacy-and-safety/five-common-qr-code-scams.
• Sjouwerman, S. (2025 April 3). QR Code Phishing is Getting More Stealthy Fast. KnowBe4. Retrieved from https://blog.knowbe4.com/warning-qr-code-phishing-is-evolving.
• Solomon, M. D. (2023, December 11). Phishing, Smishing, Vishing, and Now QUISHING? The Cyber Actor’s Next Attack Vector. International Association of Financial Crimes Investigators, https://www.iafci.org/app_themes/docs/News%20Article/QR%20Quishing%20Article.12.11.2023.pdf.

Fake QR Code Scam Flyer

Right-click on the image below and download it to distribute as a hard copy flyer.