You're seated at a barrel-room table, a tasting flight in front of you, and a small card propped against the candle invites you to scan a QR code for the full menu or to join the wine club. You scan without a second thought — it's a winery, not a scam risk.
That assumption is exactly what scammers count on.
Craft breweries, taprooms, and wineries have built their customer experience around QR codes: digital menus, club sign-ups, tour reservations, and event registrations have all migrated to the scan-and-go format. Visitors are relaxed, often mid-tasting, and the low-stakes, welcoming atmosphere makes scrutinizing a URL feel unnecessary. It's the same calculus that makes restaurants, bars, and nightclubs high-risk environments — and the same playbook applies here.
Here are the three variants operating in tasting rooms and taprooms right now.
Variant 1: Tampered table and bar-top QR codes
This is the most technically straightforward attack, and it's effective because it requires almost nothing: a printer, some patience, and a few minutes unobserved at the venue.
An attacker visits during a busy tasting session — when staff are occupied pouring flights and answering questions — and presses a sticker QR code over the legitimate one on table cards, bar-top menu placards, or tasting-flight boards. The sticker is printed to approximate the original in size and finish. In the warm, low lighting of a barrel room or taproom, it is essentially invisible.
The destination is a page crafted to look like the venue's ordering or menu system: same logo proportions, same color palette, a plausible list of beers or wines. When you select items and tap "Pay," you are entering your card details into a form the attacker controls. The real venue receives no order, and no confirmation arrives.
The tell: A legitimate venue menu or ordering page shows a domain in the address bar that matches the venue's official website. If the domain is generic, uses hyphens, or you've never seen it before, close the browser and ask a staff member for the correct URL.
Variant 2: Fake wine-club and mug-club sign-up QR codes
The second variant targets the membership moment — when a guest is enthusiastic about the tasting and ready to commit to a wine or beer club.
Attackers place printed signs in barrel rooms, on staircase walls, or near the exit: "Join our wine club and receive 20% off every order — scan to sign up." The sign uses the venue's real name, sometimes photos lifted from the venue's social accounts, and a QR code. The form it leads to asks for name, email, mailing address, and full credit card details to "start your membership."
Victims don't hear from the club because the club doesn't exist. What the attacker has is a recurring billing authorization and personal details they can use for targeted follow-up phishing — emails referencing the winery by name that ask the victim to "confirm their shipment" or "update their member account."
This variant also runs on social media: fake accounts impersonating a popular local brewery post a "founders club" offer with a QR code visible in the image. The seasonal peaks are summer, the lead-up to harvest festivals, and the holiday gift season — when winery club memberships are a common gift purchase.
The tell: Always navigate to the venue's official website directly and verify that the club sign-up URL matches before entering payment details. If a sign-up form asks for card information before showing you a membership summary or confirmation screen, it's a red flag.
Variant 3: Fraudulent tour and private-tasting booking QR codes
The third variant intercepts visitors before they arrive — or at the moment they want to upgrade their experience.
Fake listings on third-party event and experience sites (Viator, TripAdvisor, Airbnb Experiences) use the brewery's or winery's real name and photos to advertise private tastings, harvest dinners, or cellar tours. The QR code in the listing or confirmation email leads to a fake payment page for a deposit. The event does not exist, and the "experience host" is unreachable after payment.
The same attack runs through fake venue social media accounts — a recently created Instagram or Facebook profile using the winery's name and images posts QR codes for "exclusive barrel-room tastings" or "members-only harvest events." The urgency of limited availability makes people book without verifying.
Legitimate venues always take bookings through their official domain or a well-known booking platform (Tock, Resy, OpenTable) that you can verify independently. The venue's official website will list the same experience, and you can call them directly to confirm.
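The domain check behind all three tells (the address bar in Variant 1, the club sign-up URL in Variant 2, and the booking domain here) can be written down as code. This is an added example, not part of the original article or of the QRsafer app; the venue domain `oakbarrel.example`, the booking host `bookings.example`, the sample URLs and the warning codes are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values (assumptions, not from the article).
OFFICIAL = "oakbarrel.example"        # venue's official domain
TRUSTED = ("bookings.example",)       # stand-in for a known booking platform

def check_scanned_url(url, official=OFFICIAL, trusted=()):
    """Return warning codes for a URL decoded from a QR code; [] means it passed."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ["UNPARSEABLE"]
    if not host:
        return ["NO_HOST"]
    warnings = []
    if parts.scheme != "https":
        warnings.append("NOT_HTTPS")
    # "https://venue@other.test/" shows the venue name but loads other.test.
    if "@" in parts.netloc:
        warnings.append("USERINFO")
    # Punycode labels can render as look-alike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("PUNYCODE")
    allowed = [d.lower() for d in (official, *trusted)]
    # Match the whole domain or a true subdomain, never a bare suffix or prefix.
    if not any(host == d or host.endswith("." + d) for d in allowed):
        warnings.append("HOST_MISMATCH")
        brand = official.lower().split(".")[0]
        # Venue name inside an unrelated host (hyphenated or as a fake prefix).
        if brand in host.replace("-", ""):
            warnings.append("LOOKALIKE")
    return warnings

if __name__ == "__main__":
    samples = [  # constructed URLs
        "https://oakbarrel.example/menu",
        "https://oak-barrel-menu.test/pay",
        "https://oakbarrel.example.pay.test/club",
        "https://oakbarrel.example@pay.test/",
        "http://oakbarrel.example/menu",
    ]
    for s in samples:
        print(s, "->", check_scanned_url(s) or "ok")
```

An empty list only means the host matches the domain you supplied, so the official domain itself has to come from a source you trust, such as the venue's own website or a staff member.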
What to do if you entered information on a suspicious page
If you entered payment information: Contact your card issuer immediately and report the transaction as potentially fraudulent. Request a new card number. Monitor your statements for small test charges.
If you entered a login or password: Change the password on the account immediately and enable two-factor authentication. If you use the same password elsewhere, update those accounts as well.
If you provided your name, email, and phone number: Expect targeted phishing follow-up referencing the venue. Be skeptical of any emails or texts that ask you to confirm a membership or shipment.
What to remember at breweries and wineries
- The relaxed, social atmosphere of a tasting room is designed to lower your guard — which is precisely why it's a productive environment for tampered QR codes.
- Check the address bar after scanning: the domain should clearly match the venue's official website.
- Ask a staff member to confirm the menu URL, Wi-Fi network, or club sign-up link before entering any payment or personal details.
- The same tampered-QR approach that works here also works at coffee shops, bars, and nightclubs — the setting changes, the attack doesn't.
- Seasonal peaks — summer tastings, harvest festivals, holiday gift memberships — bring higher attacker activity alongside higher foot traffic.
Download QRsafer for iOS or Android and scan any brewery or winery QR code before your browser opens it. It takes two seconds and tells you whether the destination is safe before you hand over anything.
