Scanned and scammed: QR code tampering on the rise

QR code threats stem from both physical tampering in the supply chain and digital exploits like DNS hijacking and subdomain takeover, enabling attackers to redirect users to malicious sites without detection and compromising consumer safety at scale

QR codes, once seen as convenient tools for quick access and digital payments, are now emerging as potential cybersecurity threats. A recent incident involving an electronics brand highlighted the growing risk, after customers scanning QR codes on product packaging were redirected to gambling, adult content, and fake payment pages instead of the official warranty registration site.

The brand acknowledged the issue and confirmed it had been resolved. However, cybersecurity experts warn that this is part of a broader problem involving QR code tampering, which is becoming increasingly common across industries.

Experts explain that QR codes are inherently opaque—users cannot see where the code will lead until after scanning. This lack of transparency creates a perfect opportunity for malicious actors to insert harmful links without raising suspicion.

Supply chain and digital threats

According to cybersecurity researcher Renganathan P, tampering often occurs in the supply chain, where attackers replace genuine QR codes with fake ones. These counterfeit codes can be printed as stickers and pasted over the original during packaging or distribution. If such changes happen upstream—at warehouses or vendor locations—thousands of compromised units can reach consumers unnoticed.

In addition to physical manipulation, digital risks also exist. Companies frequently link QR codes to temporary domains for promotions or limited-time offers. Once these domains expire, attackers can re-register them and redirect users to malicious websites. This form of attack, known as DNS hijacking, is difficult for end users to detect.

A related threat is subdomain takeover, where unused or poorly managed subdomains are hijacked and misused. Even if the main website is secure, these overlooked subdomains can create security loopholes that undermine consumer trust.

Growing need for QR vigilance

Cybersecurity expert Ashish Jha emphasized the growing need for vigilance. “People often scan QR codes without checking the source or verifying the URL. That automatic trust is being exploited,” he said. Malicious QR codes can install spyware, steal financial data, or lure users into fraudulent transactions.

Experts recommend that companies adopt strict protocols for QR code printing and packaging. Measures such as secure domain management, monitoring of expired campaign URLs, and quality checks in distribution can help prevent widespread compromise.

Consumers are also advised to take precautions, such as previewing URLs before proceeding, avoiding unknown codes in public places, and using trusted scanner apps that alert users to suspicious activity.