LAS VEGAS (KTNV) — QR codes are everywhere, from restaurant tables and parking meters to utility bills, but that convenience now comes with growing risks.
Cybersecurity experts say scammers are exploiting the public’s trust in QR codes to steal money and personal information through a scam known as “quishing.”
WATCH | Shakeria Hawkins speaks to a cybersecurity expert to learn some of the warning signs to watch out for
Las Vegas locals say they’re noticing the risks.
“You don’t know if your information is being taken,” said Steven Smith. “Even at restaurants, they’ll have a QR code on the menu, but the menu’s right there, so why do I need to scan it?”
For Kayla Mercado, the concern is personal.
“Me and my friends went to a food truck, and they ended up taking one of my friend’s info from that QR code,” she said.
The Federal Trade Commission recently issued a warning about fake QR codes appearing on package labels, parking meters, and payment notices. Scammers use counterfeit stickers to redirect users to malicious websites that can capture sensitive data or install malware.
James Chatwani, a cybersecurity expert with GuidePoint Security, says the problem is spreading fast.
“Attackers are preying on convenience — people just want quick access to whatever the QR code is offering,” Chatwani explained. “Unlike a phishing email, where you might spot a typo or fake sender, QR codes are just images. It’s much harder to tell if they’re legitimate.”
He recommends taking a closer look before scanning.
“If a QR code looks tampered with, like a sticker placed on top of another, that’s a red flag,” Chatwani said. “Once you click, it’s really hard to know what’s happening in the background. Always check the link and ask yourself if it’s from a trusted source.”
Experts say if you’re unsure, don’t scan.
Always double-check the web address before entering personal information, avoid random QR codes on flyers or signs, and whenever possible, type in the official website yourself.