104 - Be Careful With QR Codes

Written By Russell Mickler
Scammers sometimes place fake QR codes on flyers, parking meters, or public notices. A malicious code can lead to phishing websites or stolen payment information.

Scanning a quick little square with your phone camera has become a completely normal part of moving through the world. Whether you are opening a menu at a neighborhood restaurant, trying to pay for a parking spot, or looking at a flyer for a local cultural festival, QR codes are incredibly convenient shortcuts.

Unfortunately, that convenience makes them a perfect camouflage for bad actors. For Black, Indigenous, and People of Color (BIPOC) communities who already navigate systemic hurdles, falling victim to a financial scam can severely disrupt the stability you are working hard to build. Scammers are actively taking advantage of our familiarity with these squares by pasting fake QR codes directly over legitimate ones on public notice boards, parking meters, or community flyers. When you scan a tampered code, it won’t take you to the city payment portal or the community event page. Instead, it quietly redirects your phone to a convincing fake website designed to steal your credit card numbers or harvest your personal login credentials.

Protecting your digital footprint and your wallet doesn't mean avoiding these convenient tools altogether. It just means adding a layer of physical and digital awareness before you point your camera.

You can easily dodge fraudulent links by practicing a few straightforward habits:

  • Do a physical touch-test: Before scanning a QR code on a public sign, utility pole, or parking meter, run your finger over it. If it feels like a thick sticker pasted over the original background, skip it entirely.

  • Preview the link destination: When you aim your phone camera at a code, a small web address preview will pop up on your screen. Take a second to read it before tapping. If the name looks scrambled, misspelled, or doesn't match the official business name, don't open it.

  • Stick to official apps for payments: If you need to pay for parking or transit, bypass the public QR sticker entirely. Manually type the city’s official web address into your browser or download their official app directly from your phone's app store.

Moving through public spaces with a little extra observation ensures that you stay connected to your neighborhood resources while keeping your financial information entirely secure.

What Now

If you encounter or have been impacted by fraudulent or tampered QR codes (known as "quishing") on public notice boards, parking meters, or community flyers, take these immediate actions to protect your devices and financial accounts:

  1. Perform a Physical Overlay Inspection: Before scanning any QR code in public spaces, inspect the surface. Feel the code to check if it is a thick sticker pasted over an original, legitimate notice. If it feels tampered with or misaligned, do not scan it.

  2. Verify URL Previews Closely: Use your phone’s native camera app to scan the code rather than a third-party application. Review the small web address preview that pops up on your screen before tapping it. Look closely for scrambled letters, random subdomains, or subtle misspellings (such as "g0vernment" instead of "government").

  3. Bypass Public Squares for Financial Transactions: If you need to pay for a parking spot, public transit, or a community event, avoid the public QR sticker entirely. Manually type the official city, agency, or business URL directly into your web browser, or download their verified application from the official Apple App Store or Google Play Store.

  4. Report Fraudulent Activity and Tampering: If you find a malicious QR sticker or accidentally input data into a deceptive landing page, take a photo of the physical flyer and report the location to the property manager or local authorities. Additionally, file an anonymous consumer fraud report with the Federal Trade Commission to help track malicious schemes targeting your neighborhood.

  5. Utilize Expert Consumer Defense Frameworks: To learn more about emerging digital traps and how to recover if your payment information or identity is compromised, review consumer protection toolkits. You can find up-to-date security alerts and financial safety playbooks curated by non-profit authorities like the National Consumers League or the Consumer Federation of America.

Local Resources

  1. Fourth Plain Forward https://www.fourthplainforward.org/contact

    (360) 258-0817

  2. NAACP Vancouver Branch https://naacpvancouverwa.org/

    (360) 694-5555

  3. Partners in Careers (PIC) https://partnersincareers.org/contact/

    (360) 696-8417

Russell Mickler

Russell Mickler is a computer consultant in Vancouver, WA, who helps small businesses use technology better.

https://www.micklerandassociates.com/about
Previous

105 - Review App Permissions Regularly
Next

103 - Community Knowledge Is Powerful