QR Code Scams Are Surging in 2025: How to Spot Them and Stay Safe

Why QR Code Scams Are Exploding Right Now (2025 Data + News)

QR code scams hit a new high-water mark this week. CNET published a major consumer warning titled Don't Scan That QR Code Yet. Atlanta News First covered a wave of rideshare scams targeting fans at concerts and sporting events.

The Conversation ran a deep dive called Fake QR codes make for easy scams. And in South Carolina, Richland County authorities issued a public alert after residents received fake traffic violation notices with fraudulent QR codes attached.

This is not a coincidence. It is a coordinated crime trend. The FBI and FTC have both flagged QR code fraud — sometimes called quishing (QR + phishing) — as one of the fastest-growing vectors for identity theft and financial fraud. Here is why the problem is accelerating in 2025:

QR codes became normalized during COVID-era contactless everything — menus, payments, check-ins
Most people scan first and think second, which is exactly what attackers count on
Stickers are cheap. A criminal can cover a legitimate QR code with a fake one in under 10 seconds
Phones rarely show a full destination URL before loading — giving scammers a critical window
Unlike phishing emails, fake QR codes leave almost no digital trail for victims to trace

The result is a public that scans millions of codes every day with very little ability to tell the safe ones from the dangerous ones. That is the problem this guide solves. And if you run a business that uses QR codes, you can generate a branded, trustworthy QR code right now — no sign-up needed.

The 5 Most Common QR Code Scams Happening Today

Understanding how each scam works is the first step to not falling for one. These five are the most reported in 2025.

1. Parking Meter QR Code Scams

Scammers place a fake QR code sticker directly over the legitimate payment QR code on a parking meter or kiosk. You scan it, enter your payment details on what looks like a real parking app, and your card number goes straight to a fraudster. Your car may also get a ticket because you never actually paid.

2. Rideshare Pickup QR Code Scams

At busy venues — stadiums, arenas, concert halls — fake drivers hold signs or display QR codes claiming to be for Uber or Lyft pickups. Scanning the code takes victims to a credential-harvesting page that mimics the real app. Atlanta News First documented this scam spreading at major events across Georgia in mid-2025.

3. Restaurant Table QR Code Scams

A scammer walks into a restaurant, peels up or covers the legitimate menu QR code, and replaces it with their own. The fake site looks like a menu but asks for a credit card to "reserve" a table or join a loyalty program. If your restaurant uses QR code menus — and many do — read our guide on creating a safe QR code for your restaurant menu to understand how to protect your customers.

4. Fake Fine and Government Notice Scams

This is the one that triggered the Richland County alert. Victims receive a physical notice — on their windshield or even mailed to their home — claiming they owe a fine for a traffic violation, unpaid toll, or code violation. The notice includes a QR code to "pay now." The code leads to a fake government payment portal that steals payment data and sometimes installs malware.

5. QR Code Phishing Emails (Quishing)

Traditional email filters catch links and attachments. They do not catch images. So attackers embed QR codes directly into emails, bypassing security software entirely. The email might claim to be from your bank, Microsoft, the IRS, or a delivery service. You scan the code with your phone — which has weaker corporate security controls — and land on a credential-stealing page.

The psychological triggers behind all five scams are the same: urgency (pay now or get towed), authority (this is from the government), and convenience (just scan to pay). When you feel those three things at once, slow down. That is exactly when scammers want you to act fast.

How to Tell a Fake QR Code From a Real One — Before You Scan

You cannot always tell a fake QR code just by looking at it. But there are reliable checks you can do before and after you scan that will stop most attacks cold.

STEP 1

Physically inspect the code before scanning. Look for sticker edges, bubbling, misalignment, or a slightly different paper texture. Legitimate codes on meters and signs are usually printed directly or laminated flat. A raised sticker edge is a red flag.

STEP 2

Preview the URL before you tap. Most iOS and Android QR scanners show you the destination URL before opening it. Read it carefully. Look for misspellings (paypa1.com instead of paypal.com), unfamiliar domains, or long strings of random characters. If the URL looks wrong, do not proceed.

STEP 3

Check for HTTPS — but do not stop there. A padlock icon means the connection is encrypted. It does not mean the site is legitimate. Scam sites use HTTPS too. The domain name itself is what matters most.

STEP 4

Never enter payment info or passwords from a QR code link. If a QR code takes you to a page asking for credit card numbers, login credentials, or your Social Security number — close it immediately. Legitimate parking apps, government portals, and restaurants do not require sensitive data on a first-scan landing page with no prior account context.

STEP 5

Use a safe QR code scanner app. The native camera apps on iPhone and Android are generally reliable. Third-party scanner apps from unknown developers can themselves be malicious. Stick to your device's built-in camera or a well-reviewed app from a major developer.

STEP 6

When in doubt, type it out. If you receive a notice claiming you owe a fine or payment, go directly to the official website by typing the URL yourself. Do not rely on the QR code in the notice. Richland County's fake traffic violation scam would have been stopped cold by this one habit.

Pro tip: If you are at a parking meter and the QR code looks suspicious, pay inside, call the parking authority's official number, or use their official app directly. A few extra minutes beats a fraudulent charge on your card.

What Businesses Can Do to Make Their QR Codes Trustworthy and Scam-Proof

If you are a business owner, the QR code scam epidemic creates a real problem for you even if you are doing everything right. Your customers are now nervous. They have seen the news. They hesitate before scanning. And if a scammer replaces your legitimate QR code with a fake one, the reputational damage lands on you — not the criminal.

Here is how to make your QR codes harder to fake and easier for customers to trust at a glance.

STEP 1

Use branded QR codes with your logo embedded. A generic black-and-white QR code is trivially easy to replicate. A QR code with your company logo in the center, in your brand colors, is a visual trust signal. Customers who recognize your brand in the code are far less likely to hesitate — and a scammer's generic replacement will stand out immediately. See our full guide on how to add a logo to your QR code for a step-by-step walkthrough.

STEP 2

Print your destination URL visibly beneath the QR code. Add a short line of text under the code — something like "Scans to ourrestaurant.com/menu" — so customers can verify the URL after scanning. This transparency alone dramatically increases scan confidence.

STEP 3

Laminate and mount codes in tamper-evident frames. Make it physically difficult for a sticker to be placed over your QR code. Flush-mounted, laminated codes in a rigid frame are much harder to tamper with than a paper printout sitting in a table tent.

STEP 4

Audit your QR codes regularly. Assign a staff member to scan every QR code in your venue at the start of each shift. This takes two minutes and catches tampering before customers do. Keep a photo on file of what each legitimate code looks like.

STEP 5

Tell customers what to expect before they scan. Add a short note near the code: "This QR code opens our menu at taste.com — no payment info required." Setting expectations removes the uncertainty that scammers exploit. If your QR code ever asks for something you did not promise, customers will immediately know something is wrong.

Branded QR codes do not just look better — they function as a built-in authentication layer. A scammer can copy the shape of a QR code. They cannot easily replicate a QR code that carries your specific logo, custom colors, and branded URL in a way that a regular customer will instantly recognize. That visual familiarity is a genuine security asset, not just aesthetics.

For businesses that use QR codes for payments, the stakes are especially high. Customers who get burned once will never scan again. Our guide on how to create payment QR codes for PayPal, Venmo, and CashApp covers best practices for making payment QR codes as safe and transparent as possible.

Generate a Safe, Branded QR Code Your Customers Will Actually Trust

The best defense against QR code scams — for both businesses and their customers — is making legitimacy unmistakably visible. Generic QR codes invite doubt. Branded QR codes with a recognizable logo, consistent colors, and a visible destination URL remove it.

QR Stealth lets you build exactly that. You can create a custom QR code with your logo embedded, choose your brand colors, and download a high-resolution file ready for print or digital use — all without creating an account. Your QR data is processed privately by design, with no tracking by default. What you build is yours.

Create Your Free, Branded QR Code — No Sign-Up Required

Build a custom QR code with your logo embedded in under two minutes. Give your customers a visual trust signal that generic codes can never provide — and make your business harder to spoof.

Create Your Scam-Resistant QR Code →