Portuguese 
English 
Spanish 
3 min of reading 
0 comments 
Specialists warn of the tactic of replacing legitimate codes with fraudulent labels in high-traffic areas.
The use of QR codes for payments, access to menus, and digital services has become ubiquitous, but criminals are exploiting this convenience to carry out sophisticated frauds.
The tactic, known in the digital security field as “quishing,” involves replacing legitimate codes with fraudulent versions that direct victims to malicious websites. By scanning fake QR codes, the user may have their banking information stolen or be tricked into downloading files infected with viruses.
Experts warn that the technique is effective because it is visually discreet and difficult to detect without the use of specific tools. Often, scammers paste adhesive labels over real codes in public places, such as parking meters, restaurant menus, and charging kiosks. Once the user scans fake QR codes, they are led to believe they are on an official payment platform, while in reality, they are handing over valuable credentials to hackers.
-
Scientists look at the Pacific Ocean and find a signal that worries meteorologists: heat accumulated below the surface may anticipate a strong El Niño, capable of altering rainfall, droughts, and temperatures in various regions of the planet.
-
Taller than the Eiffel Tower when in operation, the ship Voltaire lifts giant turbines in the North Sea using a 3,200-ton crane to transform Dogger Bank into the largest offshore wind farm in the world.
-
At 3,500 meters below the Mediterranean, an underwater telescope with 800-meter strings and 200,000 sensors recorded the most energetic neutrino in history, a particle that traveled through 140 km of rock and water before lighting up a third of the detector in a blue flash that lasted less than a nanosecond.
-
Gas plants advance in the United States, but comparison per MWh shows why solar, wind, and batteries can change the technology race.
How it works and hidden dangers
Unlike a conventional text link, which allows the user to verify the URL before clicking, the visual code masks the final destination.
When criminals use fake QR codes, they often employ link shorteners to hide suspicious web addresses. This makes it difficult for automatic security filters that could block access to pages known for phishing and identity theft activities.
In addition to the direct theft of financial data, the danger extends to the invasion of corporate networks and personal devices. By interacting with fake QR codes, the victim’s smartphone may be forced to grant access permissions to the camera, microphone, or contact list. In more severe cases, the simple act of opening the fraudulent website initiates the silent download of malware that allows for remote monitoring of the user’s activities indefinitely.
How to identify and avoid visual traps
The main defense against this threat is the physical inspection of the location where the code is displayed before performing any scanning. If there are signs that the sticker has been overlaid or if the print quality seems low, the chances are considerably high that it is fake QR codes. It is recommended that the user use the native camera app on their phone, which usually displays a preview of the link before opening the browser, allowing for prior verification.
Another important security measure is to avoid making payments or transferring sensitive data using codes found in high-traffic areas without supervision.
Legitimate companies rarely request login information or passwords immediately after scanning. Whenever there is doubt about authenticity, it is best to manually type the official company address into the browser rather than blindly trusting fake QR codes scattered around.
Technological response and public awareness
Security platforms are beginning to integrate smarter QR scanners capable of analyzing the reputation of the destination site in real-time. However, consumer education remains the strongest link in the protection chain against fake QR codes.
Awareness campaigns highlight that convenience should not replace caution, especially in financial transactions conducted in open or unfamiliar environments.
Financial institutions and commercial establishments are also being advised to use codes protected by extra layers of verification or protective covers that make physical tampering difficult. In the end, the golden rule for modern digital security is to be suspicious of any request for data that begins with a spontaneous scan. Technology is a powerful tool, but the existence of fake QR codes requires that every digital interaction be made with discernment and constant vigilance.
Click here to access the study.
Be the first to react!