Subscribe
Share
Share
Embed
Everyone has tech issues, and theyโre usually because things are more complicated than they need to be.
Your Tech Makeover helps everyday people simplify and get more out of the technology in their lives.
Host Frank Bravo shares practical tech tips and easy-to-understand explanations about smartphones, smart homes, cloud storage, passwords, Wi-Fi, AI tools, and other everyday technology.
If you want technology to feel simpler instead of more frustrating, this podcast is for you.
YOUR TECH MAKEOVER
Episode: Are QR Codes Safe? What to Scan and What to Skip
Host: Frank Bravo
Transcript (timecodes: HH:MM:SS from production markers; frame-accurate trim in host if needed)
================================================================================
[00:00:00]
Imagine this. You pull into a parking lot, find a spot, and walk up to the meter. There's no coin slot because it's 2026, but there's no credit card reader either. Just a big QR code on the sign that says scan to pay. You take out your phone, you scan it, you pay. You go on with your day. Simple enough.
[00:00:19]
Except in cities all across the country, people are doing that exact thing and handing their credit card information over directly to scammers. Because the QR code on the meter, it's a fake sticker. Someone put it there over the real one. The real payment system is underneath. That's the thing with QR codes. They're incredibly convenient, and that convenience is exactly what makes them so easy to misuse.
[00:00:42]
Today I'm going to give you some tools so that you won't be scammed by these fake QR codes.
[00:00:55]
Welcome to Your Tech Makeover, the podcast that gives you tips and tricks to help you simplify and get more out of the technology in your life. I'm your host, Frank Bravo. Today's topic is QR codes. What they actually are, where they're generally useful, where they become a risk, and how to protect yourself with a simple pause and check routine.
[00:01:14]
You can actually remember the next time one of them shows up on your restaurant table, on a parking meter, or in your inbox. So let's get into it. First, what is actually a QR code? QR stands for Quick Response. They're basically a barcode, but instead of the familiar stripes like you might see on your cereal box, it uses a pattern of black and white squares that hold a lot more information.
[00:01:36]
A regular barcode holds maybe 20 characters or so. A QR code can store several hundreds, which means that it's useful for website addresses, your Wi-Fi password, which I've talked about in a previous episode, contact information, payment details, and way, way more. They were originally invented way back in 1994 by an automotive company in Japan. The original idea was to track car parts through a factory faster than with a regular barcode.
[00:02:06]
For a long time, that was it. Most people had never heard of them until COVID happened. When restaurants reopened, nobody wanted to touch shared paper menus. QR codes were the perfect solution. Scan it with your phone. See the menu on your screen. There's no contact required. Then they went from niche industry to something that's most useful and encountered almost every day.
[00:02:29]
Like today, you'll find QR codes on restaurant tables and product packaging and all sorts of places. You might see them on parking meters and event tickets, in museums and retail stores, on business cards and marketing flyers, and increasingly in emails and text messages, which is the thing where it starts to get a little more complicated.
[00:03:02]
Before we talk about the risks, I wanted to spend a moment to tell you all the ways that QR codes are amazing and where they're legitimately useful, because I don't want you walking away from this episode thinking that I'm going to be afraid to scan them, because that's not the goal.
A QR code on the restaurant table is the most convenient way to actually see the menu. The restaurant puts it there. It goes right to their menu usually, and it's a way for you to browse without the server having to bring you something. A ticketed event, a concert, a sporting game, a conference, your digital ticket is almost always going to include a QR code.
[00:03:21]
These days you get them scanned at the door, and that's pretty standard practice now, and it works great. Payment apps like Venmo or the Cash App or Zelle let you send money by scanning QR codes on someone else's screen, instead of you having to type in their phone number or username, and it makes it so that errors don't happen.
[00:03:40]
It's quick and convenient. Some internet routers actually let you generate QR codes. I had mentioned this at the top of the show. I actually did an episode about how you can create a QR code for your Wi-Fi guests, so they scan instead of typing in their long, complicated password. It is very useful, especially when somebody visits and they want to be able to connect quickly.
[00:04:02]
You know, if you missed that episode, go find it in the feed. I think you'll get a lot out of it. I will honestly say that I've been a QR code fan for many years. Years before they became mainstream, I actually built a website called QR codes for home with the number four. If you're interested, go look for it, to help real estate agents create QR codes that they can put on their yard sign outside of properties.
[00:04:25]
The idea was something that I had while I was driving and I thought, oh, I wanted to see what that house looked like, but I didn't want to stop and pick up a flyer. The thought was I could scan the QR code from my car without having to get out of my car, or call the agent, because I really wasn't interested in buying the house.
[00:04:42]
I was just interested in seeing the house. It was a good use of the technology, and what it turned out to be was I was a little early to the game, before most people knew what a QR code even was, I was out there thinking about this. But the concept was solid, and eventually the rest of the world caught up.
[00:04:59]
It would be very likely you'd go pick up a flyer these days, and there would be a QR code on it. I say this to be clear that I'm not here to talk you out of using QR codes. I've already said that. The time is to make sure that you understand what you're scanning and you understand what they are.
[00:05:16]
The list that I went through was great reasons to use them. They're really helpful and practical. QR codes themselves are not the problem. What matters is the particular code that you're going to be scanning, and whether the person who put it there had good intentions.
[00:05:35]
Quick shout out to listeners like you who helped make Your Tech Makeover possible. Your support helps keep this podcast going and I truly appreciate it. Want to contribute? Just click the link in the show notes or visit yourtechmakeover.com. Plus as a thank you, supporters who give $25 or more will get $25 off a one-on-one consultation with me to help you simplify your tech. Thanks for being part of the Your Tech Makeover community.
[00:05:55]
Now back to what I was saying. Here's the core problem with QR codes. From a security standpoint, you can't read them. I think about things that are in general emails. You know, you can go look at an email and before you click on a link, you can hover your mouse over it or press and hold on your phone and see the preview of the website you're actually going to.
[00:06:16]
You can actually read it. If you decide it looks right, go ahead and continue. With a QR code, there is no preview. It's a visual pattern our eyes cannot decode. You have to scan it with your phone and before you find out what it actually is, it's already on its way. And by then, you might already be somewhere you didn't intend to go.
[00:06:36]
Scammers figured this out pretty quickly. There's even a name for it in the cybersecurity world. It's called quishing. That's QR code phishing. Phishing is when someone tricks you into giving up personal information, which, you know, because we've talked about that before, by impersonating a trusted source. Quishing does exactly that, except it does it with a QR code instead of a regular link.
[00:06:58]
So here's how the most common versions work in practice. Remember, at the top of the episode I mentioned the parking lot scheme? Well, that scam is something that is probably the most widely reported one. Someone prints a fake QR code sticker, places it over the real QR code sticker at the meter or the kiosk. You come up, you scan it, you go to a website that looks real.
[00:07:20]
You enter your credit card number and you hand it directly to somebody who shouldn't have it. Your car might still get ticketed. Actually, it probably will. And you're going to be out that money. The email and text message version is actually also becoming very common. You receive a message that looks official from your bank, maybe a delivery service or a toll agency, or maybe even the IRS, and the sense of urgency, your account has been flagged or your package will not be delivered, or even your toll balance is due now.
[00:07:44]
And instead of a clickable link, it's a QR code. Scan this to resolve the issue. We already talked about in previous episodes about how scammers try to make it seem like something is urgent to make you do it immediately. But the code in these is fake, and it takes you again to a fake login page designed to capture your username and password.
[00:08:11]
It might even capture your credit card information and can look exactly like the real thing. The flyer version is another thing that shows up from time to time. Taped to a telephone pole. Maybe it's on your car windshield. You might get something that says free gift card if you scan to claim, or maybe win a prize and take a survey.
[00:08:30]
These all lead to places where they try to collect your personal information and sign you up for charges that you didn't agree to. But others are even more dangerous. They can trigger file downloads onto your phone to maybe install spyware or malware. If that happens, the attacker might be able to actually access your messages, your photos, and maybe even the passwords stored on your devices.
[00:08:52]
The scan itself opens this door. There's also the fake legal notice version and a good example of how creative these scams have gotten. The Los Angeles County Sheriff's Department recently put out a warning about this one. They were seeing fraudulent notices that looked a lot like they came from them, or a court of law, complete with official-looking letterhead, a case number and urgent language.
[00:09:15]
Again, that urging language making you try to do something immediately about a hearing or a fine you owe. And right there on the notice, a QR code with instructions on how to pay immediately to avoid further action. The LASD was very clear. This is a scam. Neither the Sheriff's Department nor the Superior Court, or any other legitimate agency, will ever demand immediate payment through a QR code.
[00:09:40]
If you're receiving something like this, don't scan it. Go to the court. Go to the agency. Look up the number directly and verify for yourself. Then there's the tampered code version. This technically can happen by physically changing the QR code in a public space. You know, the restaurant table or museum display, a sign at a trade show. Someone again places that sticker over the existing code, and it's less common than the parking meter version, but it has the same idea.
[00:10:08]
One more thing to remember is that even if the QR code doesn't take you to a dangerous site or trigger a download, simply scanning it can tell the other party what kind of device you have, what the location is, and maybe some other information about your phone, that data that can be used to target you later on for more convincing scams in the future.
[00:10:28]
It's the reason that the pause and check habit matters so much. So let's talk about some ways that you can protect yourself. The good news is that they're not technical things that you have to be able to do. They're just ways to quickly pause and check the routine before you're going to scan that QR code. So rule number one, consider the source before you scan it.
[00:10:49]
The QR code on a table at a restaurant you walked into is probably fine. The QR code on the flyer you found on your windshield, well, that deserves a little more skepticism. And the email version that you were not expecting, that is a definite red flag. The QR code on the parking meter or payment kiosk is worth looking at.
[00:11:08]
Take a moment and take a look and see if that is a sticker over another sticker. Context will tell you a lot. Read the preview of a link before you open it. Now, a lot of QR code readers will now show you a preview link or a small URL of the website that it's going to lead to before it actually clicks through.
[00:11:25]
Make sure you understand where it's going. Does it say the name of the restaurant or the company you expect? Does something look off? Watch for misspellings like PayPal with a one instead of an L, Amazon with a zero instead of an O, and those sorts of things. If the addresses look strange, don't tap on it.
[00:11:43]
Just dismiss the notification and move on. Treat a QR code in an unsolicited message, now that's number three, it's the same as a suspicious link. In these cases, the healthy skepticism which we've talked about before is, you know, your bank's not going to send you something saying you need to do something immediately. Scan this code. It's going to tell you to go to the website and do it yourself.
[00:12:06]
If you need to do something on your account, they're going to actually give you a way to do it. Log in yourself on the address in your browser. Don't scan the QR code from the message if you weren't expecting it, no matter how official it looks. Rule number four is if it takes you to a login page, kind of along the same rules as rule number three, close it and navigate there yourself.
[00:12:27]
Now this is a big one. If you scan the QR code and it takes you to a page that asks for your username and password for your bank, your Amazon account, email, anything. Close that browser tab and then open a separate tab. Visit the real website and log in yourself. A fake login can look virtually identical to the real one.
[00:12:46]
The difference is, if you type the address yourself, you know you're going to the right place. I've talked about that in other episodes as well. And rule number five, if you're at a payment kiosk or a meter, look at the code before you scan it. As I mentioned, run your finger over the QR code. If it's a legitimate code, it's usually printed directly on the signage or mounted as a permanent professional-looking sticker.
[00:13:08]
A fake one is often thinner on flimsy paper, misaligned sometimes, or has edges that don't quite line up with the surface underneath. If anything looks like it might peel off and or the code looks like it was added after the fact, it's probably a good idea to skip it. Pay by phone number or use an app. Find another machine or move your car.
[00:13:28]
It is just simply not worth taking the risk. Three things to take away from this episode if you take nothing else away is one, read the link preview before you open any QR codes. Two, never scan QR codes from an unexpected email or text or notice no matter how official they look. And three, share this with one person in your life who may not know these things yet.
[00:13:51]
QR codes aren't going anywhere. They're really useful, and most of the ones you encounter in your daily life, they're going to be completely legitimate. The goal is not to be suspicious every time, but it adds a five second pause to that routine. Check where you're going before you get there. That's really all it takes. So have you ever scanned a QR code and the moment you knew something was off or landed somewhere you didn't expect?
[00:14:15]
I'd love to hear from you about it. Let me know. And as always, if you have any ideas for topics you'd like me to cover on the show, please feel free to contact me via email at frank@yourtechmakeover.com. That's it for now. Thanks for listening to Your Tech Makeover. If you haven't already, don't forget to subscribe to this podcast on your favorite podcast platform so you don't miss an episode.
[00:14:35]
If you're on Substack, make sure you subscribe to the newsletter so that you're alerted every time new content is posted. You can also check out yourtechmakeover.com, where you can see more information about this and every other episode. And if you want to find out more about me, please visit bravoitc.com. Thanks for listening. Until next time, I'm Frank Bravo and this has been Your Tech Makeover.
================================================================================
END OF TRANSCRIPT