What Are QR Codes? How To Use Them Safely And Avoid Scams

what is a QR code?

Mobile smartphone scanning QR code

Quick Response (QR) codes are white squares with unique black markings that can be read by a digital device (usually a smartphone) using the camera lens, functioning much like a traditional barcode.

QR codes are essentially links that don’t require clicking. Instead, they’re scanned with a smartphone camera to open online pages quickly, making them very popular. You can spot QR codes on flyers, magazines, restaurant menus, and even business cards.

How do QR Codes work?

QR codes can be scanned, displayed, or generated


When scanned, QR codes trigger actions such as opening a website, downloading an app, joining a Wi-Fi network, sending a message or making a call.


When displayed, QR codes present information for verification. Examples include displaying boarding passes, proof of vaccination, event tickets, and more.


When generated, QR codes lead to a website to enter a validation code. Examples include pairing smart devices, or adding a device (TV, laptop, phone) to a streaming account.

By scanning a QR code, you may be at risk of:

Having your
information collected

Including type of device that you used to scan the code, your IP address, your location, and any other information you enter while using the site.

Having your financial
information stolen

Including your credit card or any other payment information entered if you make a purchase on a fraudulent site.

Having cookies used without your consent

These cookies track and collect your activity online for marketing purposes.

Having your device
infected with malware

Downloading a scanner app and visiting unknown sites increases the risk of your device getting infected with malware.

It’s important to be cautious when encountering and scanning QR codes. If you have doubts about a code’s authenticity, it’s best to avoid scanning it.

12 Steps to Using QR Codes Safely


Examine the URL preview before opening

Prior to opening a QR code link on your phone, a URL preview should be visible. Ensure the URL is genuine and isn’t a misspelling of a legitimate website. (e.g., “KnowladgeFlow.org” instead of “KnowledgeFlow.org”).


Safeguard your personalized QR codes

Boarding passes and proof of vaccinations contain personal information. Store QR codes containing this type of sensitive information in a secure folder on your device.


Download apps from reputable app stores

Avoid downloading apps via QR codes. Most smartphones have a QR scanner built into their cameras and don’t require a separate app.


Avoid financial transactions that use QR codes

When dealing with your hard-earned money, no convenience is worth the risk.


Check for tampering

Fraudsters will place a fake QR code on top of a legitimate one. Exercise caution by inspecting QR codes for any signs of tampering, or added stickers, and be wary of any webpages that request unnecessary personal information.


Contact the institution directly

If you receive a message containing a QR code supposedly sent by a major institution, like a bank, always contact the institution directly to verify the message’s authenticity. Use the contact number provided on a statement or invoice.



Report any suspected cases of fraud or cybercrime to your local police and the Canadian Anti-Fraud Centre.


Provide minimum information

When completing online forms through QR codes, provide the minimum amount of personal information required.


Be Skeptical

Keep in mind that QR codes are typically used for payments, not for receiving money. Be cautious if someone asks you to scan a code to receive payment; this is likely a scam.


Install antivirus software

Enhance your device’s security by installing a reputable antivirus software such as Malwarebytes. This will provide you with a higher level of protection in case you scan a malicious QR code.


Manually find information first

If you encounter an unverified QR code but want more information about the service or product offered, try to manually find information first to verify its legitimacy. Avoid using the contact information provided with the untested QR code.


Stay skeptical

Stay alert when encountering “too good to be true” messages, like a stranger offering you money or free products if you scan their QR code. Don’t hesitate to decline requests from strangers asking you to scan a QR code.

Have you been impacted by a QR code scam?

Follow these steps:

Update your passwords

If you used your login credentials on a fraudulent site, change your password as soon as possible. If you haven’t already, set up two-factor authentication for added account security.

Get in touch
with your bank

If you provided your credit card details on a fraudulent website, inform your bank immediately. Freeze your account and collaborate with your bank to implement additional safeguards for your financial security.

Report it
to the CAFC

Reporting scams and fraud helps keep us all safe. Report to the Canadian Anti-Fraud Centre (CAFC)
online or by phone.

Toll free: 1-888-495-8501

View or download our QR codes resource!