Blog Safety What Does That QR Code Really Point To And Can I Trust It?

What Does That QR Code Really Point To And Can I Trust It?

By Jon Gould-Knight, February 9, 2026

TL;DR

  • Quishing (QR Phishing) is a scam where a QR Code leads to a fake site, an automatic malware download, or other malevolent things.
  • Bad Actor is a person or group that engages in criminal or scammy behavior
  • If a QR code looks like a sticker slapped over an original sign, don’t scan it.
  • If a QR code or link accompanies a message of unexpected urgency, it’s probably fake
  • Stay safe by accessing the same information without scanning the QR code by visiting the source’s website or searching for the app yourself.
  • If you still want to scan that code, preview and scrutinize the full url before you click it.

A QR code is essentially just a compact URL made of squares instead of letters and numbers. An increased need for no-contact solutions to things we used to handle and share constantly before the COVID-19 pandemic led to the widespread adoption and trust in QR codes everywhere. Think menus, cash, credit cards, flyers, business cards, etc…

Bad Actors Want your Data and Your Money

Big surprise, there are bad, bad, people out there who will take advantage of that trust (known as bad actors). The scam is called Quishing (QR Code Phishing) and a bad actor will put a QR Code somewhere that does not take you to where you might expect. Since the QR code cannot be read like a url you don’t even know if it is going to the right domain, if it links to an automatic download, or any other unexpected results. Note: most of these tips apply to links you see in emails or texts or a variety of other scams as well.

Here are some popular ways Quishing scammers try to get ya:

  • The parking meter sticker: Scammers put a fake QR code sticker over the real one on a parking meter. When you scan, you are taken to website that may look like the right company, but it’s a website spoof and your credit card info goes to the thief instead of the city.
  • The fake parking ticket: You find a slip that looks like a parking fine or a city citation. It has a QR code to “pay immediately” to avoid extra fees, but it is just a direct line to a scammer’s wallet.
  • The phony restaurant menu: Bad actors can place their own QR stickers on restaurant tables. Instead of seeing the menu, you are sent to a fake site that asks for your payment info to “pre-pay” for your meal.
  • The “Account Problem” email: You get an email claiming there is an issue with your Netflix, Microsoft, or bank account. They use a QR code instead of a link to sneak past your email’s spam filters and lead you to a fake login page.
  • The missed delivery: You find a “we missed you” note on your door that looks like it is from UPS or FedEx. It asks you to scan a code to “reschedule” or pay a tiny redelivery fee to steal your card details.
  • The utility bill scam: You receive a letter or text claiming your power or water will be shut off unless you scan the code to pay your balance immediately. And yeah, you guessed it. It’s not real.
  • The public Wi-Fi offer: Posters in airports or cafes might offer “Free High-Speed Wi-Fi” via a QR code. Scanning it can actually give a hacker a backdoor into your phone while you are connected.

How to Protect Yourself and Your Data

Of course, one way to avoid a scam like this is to simply never scan a QR code. However, if you’d like to take advantage of these mysterious convenient squares, here are a couple things you can do to keep yourself safe.

The “Tummy Test”

(Thank You to Michelle MeWhinny Angel up in Olympia for this term). This actually applies to many unknown texts, links, or situations. Does the call to action around the QR code feel too urgent? Is it a surprise? Does it make your insides feel off? If you didn’t seek it out and it is telling you to do something, chances are, you can ignore it. Like the fake parking ticket, the account problem, and the missed delivery.

Scrutinize the environment

Check out where the QR code is. Does it look like it’s a sticker on top of something else? Sometimes scammers will print out the fake QR code and slap it on top of the real ones such as in the case of the parking payment or phony restaurant menu. you’ll scan the code, It’ll take you to a website spoof that looks like the real thing with logos and all, but when you put in your information, it’s going to a scammer instead of the city. When you preview the code, look for subtle misspellings or double letters in the url (i.e. paypail or parkingkity).

Prioritize alternate ways to access the information

Whenever you see a QR code, ask yourself if it appears to point to something you could simply look up just as fast. For example, if the QR code tells you to download an app, it’s often faster to go to your App Store and search directly. As opposed to opening the camera, scanning the code, clicking the link, having it open a browser window that then opens your app store to the page to download the app. This also protects against sending you to a dummy app store that downloads a fake app that hides malware. If you need that menu at a restaurant, try typing in their website in your browser to find it first.

Pre-Screen and scrutinize the full URL

There are a couple ways to preview the code without visiting the link. When you reveal the full link, Scrutinize the URL and determine if it appears to take you where you expect to go. If it feels off but you still want to use it, I recommend bookmarking https://nordvpn.com/link-checker/ You can visit this site and paste the link in question. NordVPN (a trusted security company) will analyze the link and tell you if it appears safe. 

iPhone: when you point your camera at a QR code, there is the familiar yellow link bubble at the bottom of the screen. This looks like it shows the link it might look legit, however, this is a shortened link that could at first appear to be from a legitimate domain but is hiding a longer stream of characters at the end. Instead of tapping that big yellow button, tap the little icon on the bottom right corner to bring up a fly-out window that shows the full length URL and gives you the option to “copy link”.

Android: or other type of smartphone, look for the preview link that pops up and long press to get a “copy link” option. Or look for a hamburger menu or 3 dots to bring up options. (I cannot give this quite as detailed as I have an iPhone, myself. Feel free to reach out with questions and I can find more specific answers for you)

If this also isn’t an option or you’re in a hurry, another thing you can do is to activate airplane mode, and then click the link. This should open up a browser and put the full URL in the browser but of course since you’re on airplane mode, your browser won’t successfully open the page, so you’ll be able to glance at the link and copy it if needed. Then close the tab, turn your internet back on and check it with NordVPN or a similar anti-phishing site.

This all might seem like a lot of work and I don’t expect you to deep dive into every link you see but a little extra inspection can save you from a scam.

A couple thoughts for people in marketing or with businesses like myself

I, too, have been very tempted to use QR codes on my marketing. They look fresh, new, modern, and digital. But here are some guidelines to consider if you want to utilize a QR code. 

  • Is the link you’re using short enough to take up the same amount of space as a QR code? My website is ComingHomePNW.com. I can turn that into a QR code but at the end of the day, it doesn’t save me any space. In fact, the big square takes up more room! I have also seen folks turn a simple phone number into a QR code… and at that point you are really just going for unnecessary bells and whistles.
  • Similarly, you can make a QR code that automatically opens up an email and fills in the subject line. There can be benefits of doing this like for easy giveaway sorting when all the subject lines ought to be the same. However, I highly recommend making sure there are alternate instructions near the code such as “send an email to this email address with the subject line giveaway entry mm/dd/yyyy” 
  • If you’re tempted to put a QR code in there that basically just adds your contact to their phone make sure you are clear about what it is doing and make sure that your phone number is written in numbers as well. It’s important to tell the viewer what to expect and then follow through on those expectations. 

There are some folks who refuse to scan a QR code and I hope after reading this article you have a bit of a better understanding as to why. I am certainly not asking you to avoid QR codes at all costs, but I hope to help you gain an awareness as to what to look out for to avoid malicious links in the future.

This blog was written without the assistance of AI. Because I’m trying to maintain my ability to think for myself and lessen my negative impact on the environment.

Sources:

https://www.mcafee.com/blogs/tips-tricks/what-is-quishing-how-qr-code-scams-work-and-how-to-avoid-them/

https://www.msn.com/en-us/technology/cybersecurity/the-hidden-dangers-of-qr-codes-what-you-need-to-know/ar-AA1VzXIw

https://www.aarp.org/money/scams-fraud/qr-codes/

https://codebroker.com/the-rise-of-qr-codes-in-the-united-states-a-trend-driven-transformation/

https://us.norton.com/blog/online-scams/quishing

https://cyberalertica.com/cybersecurity-awareness/what-is-quishing/

https://www.thebureauinvestigates.com/stories/2025-07-29/what-is-a-quishing-scam-and-how-do-i-avoid-being-victimised

https://www.howtogeek.com/free-tools-to-help-you-identify-and-avoid-malicious-links/

Jon Gould-Knight

Broker | OR & WA

He/Him

Hello! I’m a heart-centered real estate agent based in Vancouver, serving folks throughout the Portland Metro area. My goal is to help you find more than just a house—I want to help you find a home that truly feels like yours. I believe the home-buying journey should feel empowering, exciting, and tailored to your unique needs, and I’m here to make that happen. Whether you’re a first-time buyer or an experienced buyer/seller who has been burned by non-empathetic or pushy brokers, I’m committed to guiding you every step of the way with honesty, clear communication, and creative problem-solving. I’ve wanted to work for Living Room Realty ever since I first dipped my toes into real estate nearly a decade ago. The branding & overall vibe have always aligned with my design passion. After a career detour into 3D design and animation pulled me out of the Portland Metro Area for the past 7 years, I’m back in real estate and getting the opportunity to join my first brokerage crush!  My clients have described me as patient, proactive, and thorough—always ready to answer questions, explain the unexpected, and go the extra mile (sometimes literally!). I have a passion for craft food and drink as I roast my own coffee, eat the spiciest food I can get my hands on, and I even used to host a haunted beer tour through various breweries in downtown Portland. In my down time I love to hang out with my wife, Kit, and our pets Minerva the pug and Dumbledore the cat. I’m also a huge film, stand-up, and theater fan, with a background in both graphic design and theater arts. Fun fact: I’ve even been an extra on Grimm and Portlandia! Let’s get together for a coffee or tea soon!
Read More
  • T: 360-995-8551
  • jon@cominghomepnw.com

Jon Gould-Knight

Broker | OR & WA

He/Him

T 360-995-8551

You might also enjoy

Just Listed! Custom Build Forest Heights Stunner!

The Twin Team

1142 NW Mayfield Rd Portland, OR 97229 Impeccable condition & thoughtfully maintained throughout. The ultimate in...

How an Open House Can Kickstart Your Portland Home Search

Ariel Kempf

Spring is Here: Navigating the Portland Market Here we are at the start of the spring...

A Home for The New Year!

Genmae Rianelli

There is something extra special about helping first-time homebuyers find the place where their story begins—and...

Just Listed: 55+ Midcentury Single Level Condo 12445 SE Main St

Jacob Weigel

Just listed! The East Club Estates is a little hidden gem of a community in greater...