# QR Code Scams at Conventions and Expos: What Attendees and Exhibitors Should Check

> Conventions and expos are full of badge, booth, prize, Wi-Fi, event-app, and lead-capture QR codes. Here is how to scan them without handing credentials or payments to the wrong page.

URL: https://www.qrsafer.com/blog/qr-code-scams-at-conventions-and-expos
Published: 2026-07-17

---

Conventions and expos are built around scanning. You scan to pick up a badge, enter a booth giveaway, download a slide deck, join Wi-Fi, save a contact, book a demo, or install an event app.

That normal behavior is exactly what makes convention QR codes attractive to scammers. In a crowded hall, a fake QR code does not have to be sophisticated. It only has to look like one more sign among hundreds.

## Fake lead forms at booths

Booth QR codes often lead to lead-capture forms: name, company, email, role, and what you are interested in. That is normal. A scam form usually asks for more than a booth needs.

Watch for forms that ask for your password, personal email password, credit card, home address, Social Security number, or a "verification code" from your phone. A real exhibitor might ask for a work email to send a white paper. They should not need your account credentials to show you a brochure.

If you are unsure, ask the booth staff to confirm the destination domain before you submit. The URL should match the exhibitor's company or a known event platform.

## Prize and giveaway QR codes

"Scan to win" signs are everywhere at expos. Legitimate giveaways are common, but scammers copy the format because it lowers your guard.

The risky version is usually unmanned. A sign near a food station, escalator, or hallway promises a gift card, travel prize, free gadget, or conference refund. The form then asks for payment details to cover shipping, or it asks you to log in with Microsoft, Google, LinkedIn, or an event account.

That is the red flag. A normal giveaway can collect your name, work email, and company. It should not need payment information before you have won anything.

## Event app lookalikes

Many conventions rely on event apps for schedules, booth maps, session check-ins, and networking. Scammers exploit that expectation by placing a QR code that says "Download the updated event app" or "Install the expo scanner."

If the QR code opens the App Store or Google Play listing for the official event app, that is usually fine. If it sends you to a direct APK download, a TestFlight link you did not expect, or a page asking you to install a configuration profile, stop.

Go to the event organizer's official website or ask registration staff for the correct app link.

## Badge QR code abuse

Badges often contain QR codes that exhibitors scan to capture your contact details. That is convenient, but it also means your badge may expose more data than you realize.

Do not post photos of your badge online while the QR code is visible. Someone can scan the image and potentially collect your name, company, title, email, and registration details. If you need to share a photo, cover the QR code and any attendee ID first.

For more on identity and account risk after a scan, see [what to do if you scanned a QR code in an email](/what-to-do-if-you-scanned-a-qr-code-in-an-email) and [can a QR code add a device to your account?](/can-a-qr-code-add-a-device-to-your-account).

## Hotel and conference Wi-Fi signs

Expo venues, hotels, and conference centers are fertile ground for fake Wi-Fi QR codes. A card near a seating area might say "Event Wi-Fi - scan to connect." The QR code can send you to a fake captive portal that asks for email, work password, or payment details.

Use the Wi-Fi network name and password from the official event app, registration desk, hotel front desk, or printed program. If a Wi-Fi QR code asks for your work password, close it.

Our [fake Wi-Fi QR code scam](/blog/fake-wifi-qr-code-scam) guide explains the mechanics in more detail.

## Quick scan-safety workflow for attendees

1. Check the physical code for sticker edges, bubbling, mismatched paper, or crooked placement.
2. Preview the URL before opening. It should match the exhibitor, organizer, hotel, or event platform.
3. Do not install software from an unmanned QR sign.
4. Do not enter a password to download a brochure or join a giveaway.
5. Ask booth staff or event staff to verify any code that triggers a payment, login, install, or file download.

## Checklist for exhibitors and organizers

Exhibitors have a different job: make sure their own QR codes cannot be quietly replaced.

- Photograph every official booth QR sign before the hall opens.
- Inspect table cards, monitor stickers, posters, and giveaway signs at the start and end of each day.
- Use branded URLs or QR destinations that clearly match your company domain.
- Train booth staff to tell attendees what domain they should see.
- Remove damaged or stickered signs immediately.
- Report suspicious hallway signs to show security, especially if they use your brand name.

If you run recurring events, build this into your event close checklist and your [QR code security audit](/blog/qr-code-security-audit-for-businesses).

## How QRsafer helps at conventions

QRsafer shows the QR destination before the page opens, then checks the destination for suspicious signals. That matters most in high-scan environments like expos, where people move quickly and QR codes appear on everything.

Use it for booth codes, Wi-Fi signs, event-app links, giveaway forms, and business cards before submitting information.

## See also

- [Trade Show and Conference QR Code Scams](/blog/trade-show-conference-qr-code-scams)
- [Is a QR Code on a Business Card Safe?](/is-business-card-qr-code-safe)
- [LinkedIn QR Code Scam](/linkedin-qr-code-scam)
- [Hotel QR Code Scams](/blog/hotel-qr-code-scams)
- [QR Code Threat Map](/threat-map)

Download QRsafer for [iOS](/app/ios?source=content&campaign=convention-expo-qr-scams&asset=cta) or [Android](/app/android?source=content&campaign=convention-expo-qr-scams&asset=cta) before your next event.