Phone scams

Is the QR code a scam?

Quick answer

Potentially yes. QR-code phishing ('quishing') is a fast-growing attack. Scammers replace legitimate QR codes (parking meters, restaurant menus) with malicious ones, or include fake QR codes in emails. Scanning sends you to a phishing site that looks legitimate but harvests credentials or payment info.

Red flags to look for

1
QR sticker is clearly placed over an existing QR code (peelable, on top)
2
QR in unexpected places: parking meters, gas pumps, vending machines (where scammers stick fakes)
3
QR in email or text from unknown sender
4
QR in mail/flyer demanding urgent payment for parking ticket, package, etc.
5
Scanned URL doesn't match the expected business domain

Real examples

Parking meter sticker

[QR code with text: 'Scan to pay for parking — quick and contactless']

Likely Scam

Many municipal parking systems do offer QR payment — but scammers stick fake QR stickers over real ones. The fake QR leads to a fake parking-payment site that captures your card. Always verify the URL matches the city's official domain (e.g., parkmobile.com or city.gov).

Your Microsoft 365 account requires re-authentication. Scan the QR code below from your phone to verify quickly.

Likely Scam

Microsoft never asks you to scan a QR code to verify. The QR leads to a phishing page that captures your Microsoft password and 2FA token.

What to do

Always preview the URL before tapping — your phone shows the URL when you scan, take a moment to read it.
If the URL doesn't match the expected business (e.g., parking.cityof[yourcity].gov), don't proceed.
Be especially suspicious of QR codes in emails, texts, or stuck onto public surfaces.
When in doubt, type the URL or use the official app instead.
Report fake QR stickers to the business or city — they'll often remove them quickly.

Not sure about a message? Check it in seconds.

Paste any suspicious text, email, link, or screenshot into Double Check and get a plain-English answer instantly. Free to start. Family alerts included.

Download on the App Store Get for Android

Why scammers use this approach

QR codes hide the destination URL inside an opaque image. Most people scan reflexively without checking the URL. Replacing physical QR codes is cheap, scales infinitely, and victims don't realize they've been phished until charges appear.

Frequently asked questions

Is it safe to scan QR codes at restaurants?

Generally yes — but verify the URL goes to the restaurant's own domain. Be cautious of QR menus that ask for credit card or personal info beyond what you'd expect for ordering.