# How to Spot a Malicious QR Code Before You Scan > Five practical checks anyone can do in seconds to avoid quishing scams and risky QR redirects. URL: https://www.qrsafer.com/blog/how-to-spot-a-malicious-qr-code-before-you-scan Published: 2026-05-04 --- # How to Spot a Malicious QR Code Before You Scan Quishing attacks rely on speed and habit. Most people scan first and verify later. Flipping that order keeps you safer. QR code scams are accelerating. The FBI reported a [sharp rise in QR code fraud](https://www.ic3.gov/Media/Y2022/PSA220118) starting in 2022. The FTC's Consumer Sentinel Network logged over 22,000 QR-related fraud reports in 2023. And a 2024 Hoxhunt study found that 22% of employees clicked a simulated quishing link in training exercises — compared to 4% who clicked a traditional phishing link. ## 1. Check placement context Ask whether the QR code makes sense in its environment. A sticker slapped over an official sign, parking meter, or restaurant menu should be treated as suspicious. ## 2. Look for tampering Raised stickers, mismatched colors, and low-quality print are common signs of replacement QR codes. If it looks layered or recently added, skip it. ## 3. Preview the URL before opening Most scanners and phone cameras let you preview the destination link. Pause and inspect the domain before tapping through. ## 4. Watch for lookalike domains Attackers often use near-miss domains like `paypaI.com` (capital i) or extra words like `secure-login-apple.com`. Tiny differences matter. ## 5. Avoid entering credentials immediately Even if a page looks familiar, avoid entering passwords, card details, or one-time codes right away. Open the official app or type the real website manually. ## Final takeaway QR codes are convenient, but convenience should not replace verification. A five-second check can prevent account takeovers, payment fraud, and malware installs. If you already scanned one, go straight to [What to Do If You Scanned a Suspicious QR Code](/blog/what-to-do-if-you-scanned-a-suspicious-qr-code) or the shorter overview [What Happens If You Scan a Fake QR Code?](/what-happens-if-you-scan-a-fake-qr-code). Last updated May 2026. ## See also - [What to Do If You Scanned a Suspicious QR Code](/blog/what-to-do-if-you-scanned-a-suspicious-qr-code) - [What Is Quishing?](/blog/what-is-quishing) - [QR Code Phishing Email (Quishing)](/blog/qr-code-phishing-email-quishing) - [QRsafer vs. iPhone Camera](/qrsafer-vs-iphone-camera) - [QR Code Threat Map](/threat-map) Download QRsafer for [iOS](https://apps.apple.com/app/qrsafer/id6743708403) or [Android](https://play.google.com/store/apps/details?id=com.bedrockdigitalsolutions20.qrsafer) and verify any QR code before you tap through.