QRsafer LogoQRsafer
QR Code Scams at Trade Shows and Conferences: What Every Attendee Should Check
← Back to blog

QR Code Scams at Trade Shows and Conferences: What Every Attendee Should Check

Trade shows run on QR codes — and scammers know it. From rogue badge-registration kiosks to tampered booth codes, here's how to spot the fakes before you hand over your credentials or install something you shouldn't.

2026-05-04 · QRsafer Team

Trade shows and conferences are ground zero for QR code usage. In a single day you might scan a dozen codes — to pick up your badge, download a product brochure, enter a giveaway, join a Wi-Fi network, watch a demo, or save a new contact's details. That normalization is exactly what makes these events an attractive hunting ground for scammers.

The core mechanic is simple: in an environment where scanning is expected and routine, a malicious QR code blends in completely.

1. Tampered badge-registration kiosks

Self-service badge-pickup kiosks at large events use QR codes to match attendees to their registrations. A scammer — who may themselves be a registered attendee — places a sticker QR code over the legitimate code on a kiosk screen or printed sign near the registration area.

When you scan it, you land on a convincing fake "event login" page asking for your email and password. In many cases the page mimics the conference's official registration platform closely enough that nothing feels wrong.

What to look for: Inspect any QR code near registration kiosks for sticker edges or misalignment with the surrounding surface. If the destination URL after scanning doesn't include the official event domain, close the page immediately and alert event staff.

2. Fake booth QR codes

Exhibitors use QR codes constantly — for product brochures, demo signups, contact capture, and lead magnets. Scammers exploit this in two ways.

The first is a QR code on a legitimate-looking booth display that routes to a phishing page. Instead of downloading a spec sheet, you land on a fake "access our content" login page that asks for your work email and password.

The second is more aggressive: a QR code that triggers a prompt to install an app — framed as a "conference companion app," "product demo," or "digital brochure viewer." The app is a credential stealer or remote-access tool.

What to look for: Real product collateral QR codes go directly to a PDF or a publicly accessible webpage — they don't ask you to log in or install software. If scanning a booth code prompts an app install from an unfamiliar source, do not proceed.

3. "Scan to win" giveaway codes

Prize giveaways at trade shows are normal, and exhibitors do legitimately collect your contact info in exchange for a chance to win. Scammers mimic this pattern with standalone signs placed in high-traffic areas — near food stations, registration, or major session entrances.

The fake giveaway page collects far more than a lead-gen form needs: full name, home address, phone number, credit card details for "shipping," or work credentials. Some pages are designed to sell the collected data; others are front-ends for subscription-billing fraud.

What to look for: Legitimate booth giveaways are staffed. An unmanned sign in a hallway with a "scan to win a $500 Amazon gift card" QR code is almost always a scam. Legitimate prize collection only requires your name and email — any page asking for a credit card before confirming a win is fraudulent.

4. Business card QR codes from strangers

Printed QR codes on business cards handed out at networking sessions are a growing attack vector. A card looks legitimate — it has someone's name, title, and logo — but the QR code resolves to a phishing page rather than a LinkedIn profile or company website.

Variants include codes that redirect to fake LinkedIn login pages, pages that auto-download a vCard file containing malware, or links that add you to a WhatsApp or Telegram fraud group.

What to look for: Before scanning any business card QR code, use QRsafer to preview the destination. The URL should match the person's company domain or a well-known professional network (linkedin.com, not linkedin-profile.net). If you receive a card at an event and scan later from home, this preview step is your last checkpoint before the browser loads.

5. Fake Wi-Fi QR codes in event spaces

Conference centers, convention halls, and hotel ballrooms are frequent targets for rogue Wi-Fi QR attacks. A printed card or sticker reading "Event Wi-Fi — scan to connect" placed near a power strip or seating area redirects your device to an attacker-controlled network.

See our dedicated guide on fake Wi-Fi QR code scams for the full mechanics. At events specifically: always ask show staff or check the official event app for the correct Wi-Fi credentials rather than trusting a posted QR code.

Quick checklist before you scan at your next event

  1. Look for sticker tamper signs. Raised edges, bubbling, or misalignment between the code and the surface it's on are warning signs.
  2. Preview the URL. Use QRsafer before your browser loads the destination. The domain should match the exhibitor's company or the event organizer.
  3. Confirm with a person. If a code is at an unmanned kiosk or station, ask a nearby staff member to verify it before scanning.
  4. Never install software from a booth QR code. Legitimate product demos don't require side-loading an app.
  5. Check what a giveaway page asks for. Name and work email are normal. Credit card, home address, and password are not.
  6. Ask for event Wi-Fi credentials verbally rather than scanning any posted code.

How QRsafer helps at events

The single most effective habit at any conference is scanning with QRsafer first — it shows you the full destination URL or content before your browser, app store, or device network settings act on it. That preview window is often the only moment you have to catch a redirect to a malicious page.

Download QRsafer for iOS or Android before your next event.

FAQ

Are QR codes at conference registration desks safe to scan?

Usually yes, but not always. Official badge-registration kiosks at major shows use QR codes to pull up your registration record. The risk is tampered signage — a sticker QR code placed over the real one that redirects to a fake login page harvesting your credentials. Always look for physical signs of tampering (raised edges, misaligned code) and confirm the URL before entering any login details.

What happens if I scan a fake QR code at a vendor booth?

At minimum, you may end up on a phishing page designed to harvest your contact info, work email, or credentials. In more aggressive attacks, a fake booth QR code can trigger a download of a malicious app disguised as a product brochure, conference schedule app, or lead-capture form. If you're prompted to install anything after scanning an unfamiliar code, decline and verify the booth's identity with event staff.

Is it safe to scan QR codes on business cards from strangers?

Treat business card QR codes from people you just met the same as links in cold emails — with healthy skepticism. Legitimate business card QR codes typically resolve to a LinkedIn profile, company website, or vCard. Use QRsafer to preview the destination URL before your browser opens it. If the URL doesn't match the company or person's name, don't proceed.

How do I know if a 'scan for a free gift' QR code at a booth is legitimate?

Legitimate prize or giveaway QR codes at booths typically collect only your name, email, and company for lead generation — the same info you'd hand over on a paper form. Red flags: the page asks for a credit card, password, or home address; the domain in the URL is unrelated to the exhibitor's company name; or the prize sounds implausibly large. When in doubt, ask the booth representative to show you the URL on a business card or their official website instead.