The BBC has highlighted a 14-fold increase in “quishing” reports in the UK…this is a scam in which a QR code is emailed to unsuspecting targets. As in any phishing scam the emails look authentic and the QR codes are used to bypass some email security systems. Other quishing approaches are using with contactless payments such as parking meters, restaurant menus, and other avenues where criminals apply their own doctored QR codes to signs. See this article from Trend Micro

Another interesting methods involves unsolicited packages arriving at businesses with a return label QR code which potentially provides access to a user’s phone and may drop malicious software. https://www.digitaltrends.com/mobile/fbi-warns-qr-code-scam/

Besides the obvious step of being leery of QR codes via email or in public areas:

• Verify weblinks…your QR scanner will show you where a code will direct you

• Enticing or limited time offers - you know better

• Beware of any QR code which asks for personal details, account info, or to install software of any kind

• In some restaurants be wary of payment from QR codes…be sure to validate the link that you are being sent to…if there is any kind of QR sticker on your payment receipt…forget it.