QR fraud is deception that uses a QR code to push a victim into a malicious payment, login, or data-theft flow. The code may lead to a fake website, a payment redirect, a phishing form, or an app installation prompt. Because QR codes hide their destination until scanned, they can bypass visual inspection and look legitimate on invoices, posters, emails, or warning screens.
In cyber security, QR fraud matters because it turns trust in a printed or on-screen code into a fast attack path. Attackers use it to steal credentials, redirect payments, or collect personal data with little time for the victim to verify the request. Defenders reduce risk by validating payment instructions out of band, checking the target URL before opening it, blocking unexpected QR-driven downloads, and training users to treat urgent scan requests as suspicious.