{"id":649,"date":"2026-04-30T09:50:05","date_gmt":"2026-04-30T14:50:05","guid":{"rendered":"https:\/\/www.wisconsin.edu\/information-security\/?p=649"},"modified":"2026-04-30T12:08:42","modified_gmt":"2026-04-30T17:08:42","slug":"not-every-code-is-what-it-seems-qr-code-scams","status":"publish","type":"post","link":"https:\/\/www.wisconsin.edu\/information-security\/2026\/04\/30\/not-every-code-is-what-it-seems-qr-code-scams\/","title":{"rendered":"Not Every Code Is What It Seems: QR Code Scams"},"content":{"rendered":"\n<p>QR codes are everywhere now. Restaurant menus, parking meters, gas pumps, flyers in the hallway. Most of us scan them without thinking twice. That is exactly the problem.<\/p>\n\n\n\n<p>You cannot tell where a QR code is going to take you until after you scan it. By the time you are looking at the page, you might already be on a fake login screen or a website built to steal your information. Scammers have noticed, and they have started using QR codes to do what phishing emails used to do.<\/p>\n\n\n\n<p>This kind of attack even has a name. Quishing.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Quishing Is<\/h2>\n\n\n\n<p>Quishing is QR code phishing. Scammers create fake codes that send you to lookalike websites built to capture passwords, account numbers, or personal information. The code itself looks normal, which is the whole point.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Where to Watch Out<\/h2>\n\n\n\n<p>Parking meters and gas pumps are common targets. Scammers print fake QR code stickers and place them right over the legitimate ones on payment kiosks. If a QR code looks like a sticker placed on top of something else, do not scan it.<\/p>\n\n\n\n<p>Flyers and paper slips are another favorite. Codes show up on posters, handouts, or papers slipped under a door, often without any real contact information attached. If scanning is the only option a flyer gives you, that is worth a second thought.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Protective Steps<\/h2>\n\n\n\n<p>A few habits will keep most QR scams from working:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Preview the link before opening it, since most phone cameras show the URL before loading the page.<\/li>\n\n\n\n<li>Check the code for physical tampering, especially on stickers placed over original codes.<\/li>\n\n\n\n<li>Verify that the source is legitimate, particularly for anything related to payment or login.<\/li>\n\n\n\n<li>Avoid entering credentials on any page you reached through a scanned code.<\/li>\n\n\n\n<li>Be cautious when something pressures you to act fast, since urgency is a common scam tactic.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">If You Already Scanned and Entered Information<\/h2>\n\n\n\n<p>Change your password immediately from a trusted device. Call your bank if any financial information was entered. Then report the incident to the Help Desk right away.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Reporting<\/h2>\n\n\n\n<p>If something feels off, report it to your campus IT help desk as soon as possible. The sooner it&#8217;s reported, the easier it is to contain. You can find contact information for your campus help desk here: <a href=\"https:\/\/kb.wisc.edu\/helpdesk\/5427\">Universities of Wisconsin (UW System) &#8211; IT Help Desks Contact Information<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Bottom Line<\/h2>\n\n\n\n<p>A QR code is just a shortcut to a web address, and shortcuts can lead anywhere. Take a second to preview the link, and trust your instincts when something looks tampered with or out of place.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>QR codes are everywhere now. Restaurant menus, parking meters, gas pumps, flyers in the hallway. Most of us scan them without thinking twice. That is exactly the problem. You cannot [&hellip;]<\/p>\n","protected":false},"author":6587,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31,33,21,36,32],"tags":[],"class_list":["post-649","post","type-post","status-publish","format-standard","hentry","category-emerging-threats","category-faculty-staff-awareness","category-phishing","category-quishing","category-student-awareness"],"publishpress_future_action":{"enabled":false,"date":"2026-06-23 01:40:05","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/posts\/649","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/users\/6587"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/comments?post=649"}],"version-history":[{"count":2,"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/posts\/649\/revisions"}],"predecessor-version":[{"id":672,"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/posts\/649\/revisions\/672"}],"wp:attachment":[{"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/media?parent=649"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/categories?post=649"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wisconsin.edu\/information-security\/wp-json\/wp\/v2\/tags?post=649"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}