QR phishing is a type of phishing attack that uses QR codes to trick victims into revealing sensitive information or downloading malware. Scammers may use QR codes in emails, text messages, social media, public places, or even approach people directly to scan them. To protect yourself, be suspicious of unsolicited QR codes, check the URL before scanning, use a QR code scanner app, keep your software up to date, be wary of QR codes in public places, don't scan QR codes from unknown people, and if unsure, don't scan it. 

Steps to Prevent:

Be Wary of Unsolicited QR Codes

Scammers may send them in emails, text messages, or social media. If you don't recognize the sender or the message, don't scan the code. 

Confirm trusted sources

If you receive a QR code from a company you know and trust, contact them directly to confirm its legitimacy before scanning. 

Spot phishing hallmarks

Be wary of QR codes that create a sense of urgency, appeal to your emotions, or have poor grammar.  

Review QR code URLs carefully

Make sure the URL matches the website you expect to visit before scanning. 

Be wary of personal info requests

Don't give out sensitive information, such as login credentials or credit card numbers, to a website you reached through a QR code.

For more information, email cyberaware@purdue.edu.

Download a PDF of these tips here