QR Code Scams at Office Buildings and Coworking Spaces
← Back to blog

QR Code Scams at Office Buildings and Coworking Spaces

Office QR codes feel routine: visitor check-in, Wi-Fi, package rooms, parking, and event flyers. That routine is exactly why workplace QR scams work. Here is what employees and office managers should check.

2026-07-09 · QRsafer Team

Office buildings are full of QR codes now. Visitor badges. Wi-Fi signs. Conference-room displays. Package lockers. Parking kiosks. Coworking event flyers. Most of those codes are legitimate, but the setting creates a specific risk: people assume anything posted inside the workplace is approved.

That assumption is what scammers exploit. An office QR code does not need to look dramatic to be dangerous. A small sticker over a Wi-Fi sign or a fake "visitor check-in" card near the front desk can send employees and guests to a phishing page before anyone notices.

Here are the five office-building QR code scams worth training people to spot.

1. Visitor check-in QR codes that steal credentials

Many offices use QR codes for visitor registration. A real flow may ask for a name, company, host, and phone number. A fake flow goes further: it asks visitors or employees to "sign in with Microsoft," "verify your badge," or enter a company email password.

That is the red flag. A visitor check-in code should not need your work password. If a code near a lobby or reception desk opens a login page, ask front desk staff or building security to confirm it before entering anything.

For employees, this is similar to the broader email quishing pattern: the QR code moves the login attempt to a phone, outside the tools that normally inspect work email links.

2. Office Wi-Fi signs that route to fake portals

Wi-Fi QR codes are convenient. They can also be abused. A fake poster may advertise "guest Wi-Fi" or "conference Wi-Fi" and send phones to a captive portal that requests email credentials, employee IDs, or personal information before showing a password.

Real guest Wi-Fi may ask for a simple access code or terms acceptance. It should not ask for your corporate password unless your IT team explicitly uses a known single sign-on flow. If the QR code is a loose sticker, taped paper, or unfamiliar poster, verify the network name with reception or IT.

Read more about the consumer version in the fake Wi-Fi QR code scam.

3. Package-room and locker QR codes

Package rooms and smart lockers often use QR codes for pickup, support, or carrier tracking. A fake code can imitate a locker vendor and ask you to enter a phone number, apartment or suite number, payment card, or account login to "release" a package.

The safer path is to use the building app, the carrier app, or the notification you expected. If a QR code on a locker suddenly asks for payment or your work password, stop and ask building management.

4. Parking garage and building-access payment codes

Office parking garages use QR codes for validation, visitor payment, and monthly pass management. Scammers target these because the user is often in a hurry. A sticker placed over a payment sign can collect card details or route payment to the wrong account.

Check the domain before paying. The page should match the parking operator, building management company, or known payment provider. If the code is damaged, layered, or sitting on top of another sticker, pay at the kiosk or ask the desk for the official link.

For a deeper version of this risk, see parking garage QR code scams.

5. Coworking event flyers and business-card QR codes

Coworking spaces host meetups, pitch nights, lunch-and-learns, and vendor events. QR codes show up on flyers, table cards, badges, and business cards. Most point to harmless event pages or LinkedIn profiles, but some lead to fake contact forms, fake job offers, or credential-harvesting pages.

The rule is simple: a profile or event page is fine; a password prompt is not. If a networking QR code asks you to log in before viewing a profile, open LinkedIn or the event platform directly instead.

Office-manager checklist

Use this once a month for any QR code posted in shared space:

  • Keep a list of official QR code locations, owners, and destination URLs.
  • Check lobby, elevator, package-room, parking, kitchen, restroom, and conference-room signs.
  • Look for sticker overlays, mismatched print quality, damaged codes, or unexpected short links.
  • Scan each code with a safety scanner and confirm the destination matches the inventory.
  • Remove any code with no owner, no business purpose, or a destination nobody recognizes.
  • Tell employees how to report suspicious QR codes without feeling like they are overreacting.

What to do after a suspicious office scan

If you scanned but did not enter anything, close the page and report the code location. If you entered a work password, treat it like a phishing incident: tell IT immediately, change the password through the official portal, and revoke active sessions. If you entered payment details, contact your card issuer and preserve a photo of the code.

Do not peel off a suspicious sticker before documenting it unless it is actively causing harm. A photo helps building management and IT identify where the code was placed and who may have scanned it.

See also

Download QRsafer for iOS or Android and check workplace QR codes before a browser, login page, or payment form opens.


Frequently asked questions

Can a QR code inside an office building be fake?

Yes. A scammer or unauthorized visitor can place a sticker over a legitimate visitor check-in, Wi-Fi, parking, package-room, or event QR code. The code may open a fake login page, payment form, or credential-harvesting portal.

What office QR codes are highest risk?

The highest-risk codes ask for a password, payment, badge details, or personal information. Visitor check-in signs, Wi-Fi posters, package lockers, parking payment codes, and coworking event flyers deserve extra attention.

How should office managers inspect posted QR codes?

Keep an inventory of official QR code locations and destination URLs. Once a month, scan each code with a safety scanner, confirm the destination, look for sticker overlays, and remove any code that does not match the inventory.

What should an employee do after scanning a suspicious office QR code?

Close the page, preserve a screenshot or photo of the QR code, report it to IT or building management, and change credentials only if they were entered. If it involved a work account, notify IT immediately.

FAQ

Can a QR code inside an office building be fake?

Yes. A scammer or unauthorized visitor can place a sticker over a legitimate visitor check-in, Wi-Fi, parking, package-room, or event QR code. The code may open a fake login page, payment form, or credential-harvesting portal.

What office QR codes are highest risk?

The highest-risk codes ask for a password, payment, badge details, or personal information. Visitor check-in signs, Wi-Fi posters, package lockers, parking payment codes, and coworking event flyers deserve extra attention.

How should office managers inspect posted QR codes?

Keep an inventory of official QR code locations and destination URLs. Once a month, scan each code with a safety scanner, confirm the destination, look for sticker overlays, and remove any code that does not match the inventory.

What should an employee do after scanning a suspicious office QR code?

Close the page, preserve a screenshot or photo of the QR code, report it to IT or building management, and change credentials only if they were entered. If it involved a work account, notify IT immediately.