Go Phish!

Your weekly dose of scam-proofing in 3 minutes or less—no fluff, just the latest hacks, scams, phishing attacks, and cyber cons you actually need to know about.
🚨SCAM OF THE WEEK: QR Code Scams

Scan, pay, get scammed. Welcome to the new era of lazy fraud.
What is a QR Code Scam?

It’s when scammers stick fake QR codes on real things - or send them via email, text, or WhatsApp - to trick you into visiting malicious websites, entering sensitive info, or making payments to the wrong place.
They’re small, easy to generate, impossible to read with your eyes, and most of us scan them blindly without a second thought.
How it works
The swap:
Scammers print fake QR codes and slap them over real ones - in restaurants, on parking meters, public posters, even coffee shop tables. You scan it expecting a menu or a payment portal. Instead, it loads a phishing site, or worse, a fake payment screen that siphons off your card details.
The bait:
You get an email or text from a “delivery service,” “bank,” or “event organiser” with a QR code to scan for tracking, verification, or ticket access. Looks legit. You scan it. Boom - malware, login theft, or a crypto wallet drain.
The payment con:
You scan to pay for something small (e.g. street parking, food truck, online ad) and it takes you to a cloned payment page. You enter your card. It processes… nothing. But your money’s gone.
Why it works

✅ QR codes look official - and there’s no way to eyeball where they lead
✅ We’re conditioned to trust them in restaurants, public spaces, and emails
✅ Many sites they link to look identical to real ones
✅ Scammers know nobody types URLs anymore - we just scan and hope
Real-world examples
🔹 Austin, Texas (2022) – Over 100 fake QR codes placed on city parking meters. Drivers scanned them and entered card details into a scam payment site.
🔹 South Africa (2024) – QR code sent via WhatsApp claiming to be from DHL for parcel collection. Users scanned it and were prompted to “verify” with their bank login. Full account takeover followed.
🔹 London (2023) – QR codes on restaurant tables redirected diners to a spoofed menu that installed a fake “payment app” loaded with malware.
Red flags to look out for

🚩 QR code looks tampered with or like a sticker slapped on top
🚩 You’re asked to scan a QR code from an unsolicited email or text
🚩 You scan and get redirected to a strange domain or unexpected login screen
🚩 The page asks for card details, personal info, or logins for no clear reason
🚩 You’re pressured to scan urgently (“Offer expires in 10 minutes!”)
How not to get played

🛑 Don’t scan QR codes from strangers. That includes emails, posters, and sketchy texts.
🔍 Check the URL after scanning - before clicking through. Does it look suspicious? Exit immediately.
📱 Use a QR scanner app that previews the URL instead of auto-opening it.
🍽 In restaurants, ask staff to confirm the code if it looks dodgy.
📥 For deliveries, go directly to the official website or app instead of trusting a QR sent via message.
💳 Avoid entering payment info into any site you reached through a QR code - unless you’re 100% sure it’s legit.
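
For anyone who wants the "check the URL before clicking through" step spelled out, here is a small sketch in Python. It is an added example, not Goldphish code: the function name, the list of expected sites and the sample links are made up for illustration and use reserved test domains.

```python
import ipaddress
from urllib.parse import urlsplit

def assess_qr_url(payload, expected_hosts):
    """Return warnings for a decoded QR payload; an empty list means nothing was flagged."""
    parts = urlsplit(payload.strip())
    if parts.scheme not in ("http", "https"):
        return [f"not a web link (scheme: {parts.scheme or 'none'})"]
    warnings = []
    if parts.scheme == "http":
        warnings.append("connection is not HTTPS")
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return warnings + ["no host name in link"]
    if parts.username or parts.password:
        # Everything before '@' is login data, not the site you will land on.
        warnings.append(f"text before '@' is not the site; real host is {host}")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass  # a normal host name
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("host uses punycode (possible lookalike characters)")
    # Trusted only if it is the expected site itself or a subdomain of it.
    trusted = any(host == h or host.endswith("." + h) for h in expected_hosts)
    if not trusted:
        warnings.append(f"host '{host}' is not one of the expected sites")
        if any(h in host for h in expected_hosts):
            warnings.append("expected name appears inside a different domain")
    return warnings

# Constructed sample payloads (reserved .example/.test names and a documentation IP).
SAMPLES = [
    "https://pay.city.example/meter/42",
    "http://pay.city.example.quick-pay.test/meter/42",
    "https://city.example@203.0.113.7/pay",
    "https://xn--cty-pay-abc.test/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", assess_qr_url(link, ["city.example"]) or "no flags")
```

An empty result only means none of these checks fired; it does not prove the site is genuine.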
🔥 ONE-LINER HOT TAKE
If you wouldn’t click on a sketchy link in your inbox, don’t blindly scan it off a lamppost.
That’s it for this week.
QR codes are like mushrooms - they pop up everywhere and some of them will kill you.
Catch you next time,
Dan & the Goldphish Team
📌 P.S. Know someone who scans every QR code like it’s a scratch card? Forward this before their next scan ends in tears, or tell them to subscribe below.👇