QR Code Payment Scams (Quishing)

Last updated: 2026-06-01

Quishing uses QR codes to hide a malicious link. Because you cannot read a QR code with your eyes, it is easy to be sent to a fake payment or login page.

Common red flags

QR codes stuck over real ones on meters or signs
QR codes in unexpected emails or letters
A scanned page asking for payment or login details
Pressure to scan and pay quickly
Short or unfamiliar domains after scanning

Safe next steps

Check the URL preview before opening anything a QR code points to
Pay parking and tolls through official apps you installed
Be suspicious of QR codes in unsolicited messages
Type official addresses yourself instead of scanning

What not to do

Enter card or login details on a scanned page
Scan QR codes from unexpected messages
Approve payments from a scanned link

Check a suspicious message

Paste the message to see its specific red flags and what to do next - free and private.

Check a message

QR code scamA scam that uses a QR code to send you to a fake payment or login page.Quishing (QR-code phishing)Quishing is phishing that uses QR codes to direct you to a fake website or payment page.

Related red flags

Frequently asked questions

Is this kind of message always a scam?

Not always, but the warning signs above mean you should stop and verify through official channels before doing anything. When several signs appear together, treat it as a scam.

What should I do if I already responded?

If you shared details or paid, act quickly: contact your bank or the relevant provider through official channels, change any passwords you entered, and save evidence. See our recovery guides.

Educational guidance only, not legal or financial advice. Examples are paraphrased and simplified.