Skip to content 
UAE ALERT: QR Code Scams Are Rising
Dubai, UAE - November 2025:
Authorities in the UAE have issued warnings as a surge in QR code-related scams commonly known as “Quishing”- continues to target unsuspecting residents and businesses across the country.
From restaurant menus and parking meters to event registrations and delivery notifications, QR codes have become a staple of daily life in the UAE. However, cybersecurity experts and authorities caution that this convenience is being exploited by cybercriminals aiming to steal personal and financial information.
Fraudsters create fake QR codes and overlay them on legitimate ones found in public places, or distribute them through phishing emails and SMS messages. Once scanned, victims are redirected to counterfeit websites that prompt them to enter login credentials, credit card details, or even download malicious software.
Experts note that scammers typically focus on high-traffic and trusted locations to maximize their success.
- Public Parking: This is a prime target. A scammer covers the official QR code sticker on a parking meter with their own. You scan the code, thinking you pay for the parking, but get transferred to a fake portal, which then swipes your credit card info.
- Restaurants and Cafes: Tables are adorned with fake “Scan for Menu” or “Free Wi-Fi” stickers. The customer is either asked to download a “viewing app” which is, in fact, malware or taken to a fake Wi-Fi login portal that captures whatever credentials you enter.
- Event Venues and Transit: Scammers paper over legitimate event schedules or bus/metro QR codes with their own. They may promise a “contest entry” or “discount code” in return for personal data.
- Phishing Emails and Texts: The attack doesn’t always happen in public. You might get an email from a “delivery company” like Emirates Post or Aramex, saying a package is on hold. The QR code to “reschedule your delivery” leads to a site designed to steal your home address and a “redelivery fee.”
Cybersecurity authorities urge residents to remain vigilant and follow essential safety steps:
- Always check the URL after scanning. If it doesn’t start with “https://” it might not be secure.
- Do not enter sensitive information, like passwords, banking, or card details, unless you are 100% confident it is a legitimate site.
- Try not to scan any QR code from random walls or surfaces when in public unless you know where it leads.
- Always update the security software in your device; it can help your device in blocking harmful links and threats.
If you suspect you have interacted with a fraudulent QR code:
- Disconnect Immediately: This means turning off your device’s Wi-Fi and mobile data to stop any malware from contacting the scammer’s server.
- Change Your Passwords: If you entered any login credentials, head to that service’s official website-you go there by typing the address in your browser manually-and change your password immediately. If you use that password on other services, change that too.
- Monitor Your Accounts: Keep a close watch on your bank and credit card statements for any unauthorized charges. If you notice anything, immediately report it to your bank.
- Run a Security Scan: Use a reputable mobile security or antivirus application to scan your device for any malware that could have been installed.
- Report the incident: If you have lost money, report it through the e-Crime platform provided by Dubai Police. You can report the malicious website to TDRA in the United Arab Emirates via www.tdra.gov.ae.
The fast digital transformation and high rate of smartphone adoption place the UAE in the frontline of convenience and technology in the world. It is this forward-thinking environment that embraces digital payments and smart services which, of course, makes it such an attractive target for cybercriminals.
Scammers understand very well that residents and businesses in the UAE are used to carrying out daily transactions using QR codes. Such a high level of trust and familiarity will lead to “scanner’s fatigue” users scan the codes instinctively without a second thought. Cybercriminals know this trust and will seek to leverage it, as one successful Quishing attack in a digitally active economy like the UAE can be worth quite a ransom.
According to recent cybersecurity reports, more than 4.2 million QR code counterfeiting attempts were detected globally in the first half of 2025, marking a sharp rise in Quishing attacks aimed at harvesting online credentials.
Local cybersecurity training providers, such as RedTeam Hacker Academy UAE, emphasize that “knowledge remains the first line of defence.” The academy offers practical training in ethical hacking, penetration testing, and digital forensics to help individuals and organizations identify and neutralize such digital threats before they escalate.
For more information on cybersecurity awareness and safe online practices, residents are encouraged to follow updates from the TDRA and Dubai Police’s official channels.
