Millions of Brits fall for dangerous QR codes that can't be detected with naked eye — ‘approach with caution’

an iphone is pictured on the right side of the picture with a broken screen trying to scan a qr code with blood splatter

All products are independently selected by our experts. To help us provide free impartial advice, we will earn an affiliate commission if you buy something. Click here to learn more

Aaron Brown

By Aaron Brown

Published: 02/03/2024

- 03:30

Security researchers advise against unquestioningly scanning QR codes

  • 3 million Britons have been thrown to an untrustworthy site by a QR code
  • Of those, 16% (roughly 480,000 people) had personal data stolen
  • Experts have offered some advice to stay safe when using QR codes

A staggering 3 million Britons have found themselves visiting an untrustworthy site — risking exposure to malware and scams — after blindly scanning a QR code, new research cautions.

Security researchers have studied the British public’s attitude to QR codes, which have existed since the mid-90s but exploded in popularity during the Covid-19 pandemic when restaurants, shops, and pubs wanted to prevent customers from sharing printed menus and other physical items.

Almost three-quarters of Brits surveyed (72%) did not check a QR code before scanning it to launch a dedicated app, app store listing, payment portal, or website. A meagre one in six people were aware that QR codes could be used to proliferate scams, the researchers found.

According to the research, which was commissioned by the security specialists at NordVPN, of the three million Britons who admitted to finding themselves on dubious sites after scanning a QR code, one in six (16%) fell prey to cybercriminals and had their personal data stolen.

a woman in a grey sweatshirt uses her phone to scan a qr code on a menu

QR codes have become a popular way to access hands-free menus, place orders with a smartphone, or sign-in to new Wi-Fi networks in hotels and AirBnBs


QR Codes were developed by Japanese firm Denso Wave — a division of Denso, which is a subsidiary of automobile giant Toyota — to track parts during the car assembly process. The pattern that makes up a QR code can house a surprising amount of information — up to 4,000 characters of text, as it turns out. This can be used to direct users to URLs, phone numbers, PDF documents, or kickstart a download from the Apple App Store or Google Play Store.

QR codes are sometimes used to authenticate online accounts and verify login details. When launching a new session on WhatsApp Web, iPhone and Android users will need to scan a QR code on their laptop or desktop PC to verify they're the account owner.

In response to the lack of awareness around QR codes, which can be the equivalent of clicking an unknown link in a strange email, NordVPN is urging consumers to exercise heightened vigilance.

Marijus Briedis, Chief Technology Officer at NordVPN, comments: "In our increasingly digital landscape, QR codes have become indispensable for their convenience in various daily tasks, from connecting to Wi-Fi in coffee shops to streamlining orders at restaurants like Wetherspoons.

“However, blindly trusting QR codes can inadvertently expose users to cyber scams. It's vital to approach them with caution and awareness of potential risks.

“To safeguard against falling victim to scammers, there are proactive steps you can take.

“Before scanning a QR code, ensure it originates from a reputable source and verify with the venue that it belongs to them. Also consider using a dedicated QR code scanning app instead of the default camera app for added security measures, as these apps can often detect malicious sites or software.

“If a QR code redirects you to an unrelated or suspicious website, refrain from providing personal information and exit the page immediately. By adopting these precautions, users can enjoy the convenience of QR codes while minimising the risk of exploitation by cybercriminals.”


Gen Z and Millennials are the most avid users of QR codes among all age groups. A third (31.5%) of individuals aged 18 to 34 use QR codes to access public Wi-Fi. Meanwhile, 28% of those aged between 18 and 24 express a preference for QR codes over physical menus in restaurants and pubs.

Over half (56%) of people opt for the convenience of scanning codes directly onto their smartphones using built-in cameras, while just over a quarter (27%) prefer to use a dedicated QR scanning app.

You may like