- QR codes were invented in 1994, but it wasn’t until almost a decade later that they became mainstream.
- QR code usage has increased rapidly, making them a popular tool for hackers to spread malware or steal personal information.
- QR codes have seen the highest adoption rates in Asia, where they were created. China is a world leader in QR code usage.
- The dangers of QR codes lie in their design, as malicious codes can be found anywhere and cannot be distinguished from legitimate ones.
- Learn how to safeguard your privacy with our tips on how to stay clear of QR code scams.
QR codes are like modern-day keys that can unlock a wealth of information with just a scan. These codes have become ubiquitous, appearing on advertisements, restaurant menus, and even government documents. However, just as you wouldn’t blindly use a key to access a door without knowing what’s behind it, it’s important to exercise caution when scanning QR codes.
In recent years, QR code usage has skyrocketed, making them a popular tool for hackers to spread malware or steal personal information. Even with all the common online security tools at your disposal—a VPN, a firewall, encrypted services—they won’t shield you from the human error of scanning a malicious QR code. In this guide, we’ll give you the necessary tips to safely scan QR codes and protect yourself from potential risks.
What are QR codes?
QR codes, or Quick Response codes, were developed as a solution to the limitations of traditional barcodes. Unlike barcodes, which are scanned in a line and can only store data in one dimension, QR codes can be scanned both horizontally and vertically, allowing it to store a much larger amount of data in a single code.
QR codes contain all sorts of information. For example, you might see a QR code on a poster or a product, and when you scan it with your phone camera, it could take you to a website, show you more information about the product, or even give you someone’s contact details.
Used for everything from billboard advertisements to parcel delivery tracking and making payments, QR codes offer great versatility. They can be printed on a variety of materials like paper, plastic, or metal, And you can scan them from many different angles and distances. They’re a quick and easy way to give people immediate access to information.
More people are scanning QR codes than ever before
QR codes were invented in 1994, but it wasn’t until almost a decade later that they became mainstream. It was only when more advanced mobile technology, particularly high-definition cameras, became available that QR codes started to be widely used. Additionally, the availability of faster and more stable internet connections also played a crucial role in the popularization of QR codes.
However, the recent pandemic spurred QR code usage further. As social distancing restrictions were imposed, people sought contactless ways to access information and services. QR codes provided an ideal solution, allowing consumers to scan codes using their phones to perform tasks like ordering food in a restaurant, rather than having to flip through menus handled by many. Additionally, the isolation of Covid-19 forced many people to get comfortable using digital technology, which further fueled the adoption of QR codes.
According to recent research from Statista, the percentage of phone users who scanned a QR code increased by 26% in the last two years, reaffirming how much society has embraced this technology.
It’s likely that we will continue to see these little black-and-white patterns emerge in various aspects of our daily lives thanks to their availability and ease of use. In fact, eMarketer has predicted that the number of QR code scans will increase by 19% by 2025, compared to statistics recorded in 2022, with an expected 100 million scans.
However, the adoption of QR codes varies among regions.
Asia leads QR adoption, followed by North America
Not surprisingly, nations with a tech-savvy culture, extensive use of QR codes in marketing and advertising, and increasing use of QR codes for mobile payments are the most enthusiastic adopters of QR codes.
In fact, QR codes have seen the highest adoption rates in Asia, where they were created. China, for example, is a world leader in QR code usage—half of Chinese consumers scan QR codes several times a week, with residents using them for everything from saving spots in line to setting up dates.
However, payments are where consumers are using QR codes the most. Scan-to-pay transactions in China have surged by 26% year-on-year since 2021—a statistic fueled by the pandemic. This trend is reflected across the whole of the Far East.
According to Statista, the region is expected to transact over 2.2 trillion USD via QR codes in 2023 alone. This is followed by North America, whose consumers are set to use QR codes to pay for goods and services to the value of 15.4 billion USD, and Latin America that’s set to use QR codes to transact over 3.4 billion USD.
Europe is slower to adopt QR codes than other regions, with the nation expected to spend 1.8 billion USD transacting with QR codes. However, recent data shows it is slowly gaining momentum with twice as many users in Europe now using QR codes compared to 2018.
QR code fraud is on the rise
With the rise in QR code usage, hackers and scammers have seized the opportunity to exploit this trend and obtain valuable personal data with minimal effort. The dangers of QR codes lie in their design, as malicious codes can be found anywhere and cannot be distinguished from legitimate ones—making it impossible to detect fraudulent codes just by looking at them. Additionally, the absence of a central authority authorizing QR codes means that anyone with basic tech skills can create them for free using readily available code-generating tools online.
QR codes can also reveal a wealth of information about their users, putting their privacy at greater risk beyond personal and financial data. By scanning a single QR code, scammers can find out where their victims are located, what browser they’re using, and their browsing history. More concerningly, they can access personal data like full names, addresses, and banking information, which can reach high prices when sold on the dark web.
To help safeguard your privacy, it’s important to be aware of the most common ways scammers use malicious QR codes.
1. Fraudsters are exploiting restaurant QR codes
QR code menus and payments are revolutionizing the way restaurants and cafes operate. Not only do they offer a more hygienic option for customers, but they also help establishments provide faster service and avoid the work of updating physical menus. In fact, a recent study found that 53% of restaurants in the U.S. have already made the switch to QR code menus. This trend is particularly popular among Gen Z and Millennials customers, who are more inclined to embrace new technological solutions and opt for contactless payment methods.
Many restaurants started implementing QR codes in 2020 amid the pandemic and, according to the Restaurant Readiness Index report, 33% of owners believe they will positively impact future success.
However, scammers can easily tamper with QR codes on menus and ordering sites, replacing them with fraudulent ones that redirect customers to fake websites that look similar and are designed to harvest personal data or redirect payments to rogue accounts.
Interestingly, despite the growing frequency of QR code financial scams in the industry, people still feel the safest scanning QR codes in supermarkets and restaurants. However, they feel significantly less secure when using QR codes in gyms and while traveling.
2. The risks of public Wi-Fi and sharing network access
QR code scammers often target public places such as cafes and restaurants because of the easy access it provides to tamper with QR code menus and Wi-Fi hotspots. While connecting to an open network always carries some risk, QR codes make it easier for scammers to hide their traces and cause more damage. Cybercriminals often set up fake Wi-Fi hotspots with names that resemble the Wi-Fi network of a public place you want to connect to. However, in most cases, this scam is detectable if you take a closer look at the network name. In contrast, you won’t be able to look out for warning signs when accessing the network through a QR code.
3. The hidden dangers of smart packaging
QR codes on products have become increasingly popular in recent years, essentially replacing warranty registration forms and user manuals. Brands can benefit from this technology by using it to display product information transparently, gather feedback data, and improve the overall customer experience.
However, the increased use of QR codes in online shopping and logistics has also attracted scammers looking to exploit the trend. Cybercriminals often send phishing emails disguised as automated logistics company emails to trick customers into clicking on QR codes that redirect them to bogus websites designed to steal personal information. In some cases, scammers even send physical gifts or packages, claiming to be from known shops to further deceive customers.
4. The dark side of financial QR code transactions
QR codes have brought about improvements in the security and speed of financial transactions through their end-to-end encryption and PIN-less cash withdrawal features. However, they have also become a target for scammers seeking to drain users’ bank accounts without getting noticed.
There are several ways that cybercriminals use QR codes to target users’ bank accounts, with one of the most common being the tampering of legitimate QR codes used for easy payments in public places, such as parking meters, gas stations, and cafes. In 2021, police in San Antonio in the U.S. issued a public warning to notify citizens of fraudulent QR code stickers stuck over legitimate ones, that were causing people to send funds to malicious third-party vendors.
Even though transferring small amounts of money for parking or coffee may not cause significant financial damage, fraudsters can use the data they steal from accounts to cause more harm over time.
For example, last month in Honolulu, Hawaii, city crews had to remove counterfeit parking payment stickers that were affixed to parking meters. These stickers looked like the real parking payment stickers issued by the city, but instead directed drivers to a fake website called ParkSmarter.app, which asked for payment and personal information. The amount of money that was lost as a result of this scam is unclear, as the stickers were taken down before authorities could determine the extent of the damage.
Another common financial fraud involving QR codes is crypto scams. Fraudsters lure victims with promises of discounted or free cryptocurrency coins. But after scanning the QR code, they’re often redirected to malicious sites designed to harvest their crypto wallet details.
Social media platforms have become a primary channel for crypto QR code fraud. Scammers often impersonate well-known crypto experts or trustworthy individuals to carry out targeted attacks. They entice victims with QR codes promising free bitcoins or discounts, and use these tactics to lure unsuspecting victims into the trap. In 2022, the U.S. Federal Trade Commission reported that 32% of all crypto scams were carried out on Instagram alone, leading U.S. senators to send a joint letter to Meta’s CEO, Mark Zuckerberg, requesting specific actions to protect users on Meta’s social media platforms and educate them on the risks.
5. QR codes in healthcare and medical fraud
As healthcare continues to adapt to the fast-paced online environment, it’s crucial for patients to be able to differentiate between valuable, trustworthy information and scams seeking to misinform and deceive them. QR codes have become an important tool for pharmaceutical companies to ensure the safe use of drugs by providing transparent information about the manufacturing process, drug content, expiry dates, dosage, and safety measures.
During the COVID-19 pandemic, QR codes played an essential role in tracking and analyzing patients’ health conditions and the spread of the virus more efficiently. With the implementation of QR codes showing satisfactory results and patients using them more regularly, healthcare institutions are now embracing technology for broader use cases.
However, the healthcare industry is not immune to QR code scams. Criminals are using fake QR codes offering medical information to trick patients into giving away sensitive data such as Social Security numbers.
How to stay safe while scanning QR codes
While QR codes themselves are considered secure by cybersecurity experts, the context in which they’re used can pose risks to users. For example, QR codes that redirect users to malicious sites can compromise their privacy. Therefore, it’s essential to scan with caution.
Check out our slideshow below on tips for staying clear of scam QR codes:
FAQ: About QR codes
Is Google QR code generator free?
You can use Chrome’s mobile app to generate a QR code for a page you want to share for free. But note that Google doesn’t offer any standalone QR code generator services, so be wary if you see a QR code generator service that claims it’s from Google.
How do I make a QR code for a link?
You can turn a link into a QR code using the Chrome mobile app or a QR code generator. There are plenty of free QR code generators to choose from online, but be especially careful with free ones, as they may not always be safe.
Can I scan a QR code without an app?
You don’t need to download a third-party app to scan a QR code anymore. You can use your phone’s built-in Camera app to scan QR codes directly.
Do all phones recognize QR codes?
Most phones have a built-in QR code reader and can scan QR codes these days. As long as your phone is running iOS 11 or above or Android 8 or above, it can scan QR codes.
What is the safest QR app?
The safest app that you should use to scan QR codes is your phone’s built-in Camera app. Apps offering QR scanning functionality may not be safe, as they may contain malware or phishing scams.
Privacy should be a choice. Choose ExpressVPN.
30-day money-back guarantee
In China, QR codes and Weixin (WeChat) together are ubiquitous – the most commonly used systems for paying for stuff including bus and taxi rides.
Even street vendors and shoe repairers have their own code! If your payment comes straight from a state bank as you have a bank account, there should be no need for further verification. Yet many places will not accept a payment when the QR code is scanned without first entering further details like ID and phone number. An official-sounding notice pops-up stating it is Chinese law to provide this information. This is untrue in these transactional situations as the bank has these details anyway. In these cases, pay with cash. Tell the vendor you are unhappy and leave.
Approaches like this are simply data gathering. Phone numbers, for example, are sold on to marketing companies.
Even adding these callers to your phone’s blacklist (as it is called in China) will not prevent further nuisance calls. The Chinese government don’t bother, so don’t expect any support if you fall victim to a QR scam.