Tendvane

← All articles

ScamsJune 24, 2026

QR-code scams jumped sharply this year — how to scan safely

QR-code phishing — "quishing" — is one of the fastest-growing scams of 2026, with industry trackers reporting a roughly 146% rise in the first part of the year. The US Postal Inspection Service and the FTC have both warned about it. Scammers stick fake codes over real ones on parking meters, restaurant menus and scooter docks, or slip them into emails that copy a real airline or hotel.

Scan the fake code and you land on a convincing lookalike page that harvests your login or card details. The trick works because a QR code hides its destination — you cannot see the web address until you are already there.

What to do: treat a QR code like a link from a stranger. On a physical code, look for a sticker pasted over the original — a big red flag. After scanning, read the web address before you type anything; if the domain does not match the business or looks like gibberish, close it. Never scan a code from an unexpected email or text that pushes you to "act now," and pay through the business's own app or website instead.

Quishing is about tricking you, so no app can fully block it — awareness is the defense. But if a scan led to something being installed, Tendvane's Safety check can surface unexpected auto-start programs and browser extensions, and its Repair → hijacked browser fix clears a redirected homepage or search and a sneaky proxy.

Sources

Download Tendvane