What does QRDefender do?

QRDefender is a secure QR scanner that helps detect phishing, fake payments, and malicious links. It lets you inspect QR code content before opening, giving you time to decide whether a destination is safe.

QRDefender is free to download on both the App Store (iPhone) and Google Play (Android).

Does QRDefender collect my data?

QRDefender is built with a privacy-first approach. All QR code scanning and analysis happens on your device. Analytics and crash reporting are disabled by default — you choose to enable them. Your scan history is encrypted and stored only on your device.

How does QRDefender detect phishing QR codes?

QRDefender includes a bundled phishing URL database for offline detection. URL lookups are performed entirely on your device — no scanned URL is ever sent to external phishing services. It also checks redirects, SSL certificates, and other safety indicators.

Is QRDefender available for iPhone and Android?

Yes, QRDefender is available for both iOS (iPhone) on the App Store and Android on Google Play.

20 January 20265 min read

Payment QR Code Safety: How to Avoid Fake Payment Scams

Payment QR codes are everywhere — from shops to invoices. Learn how scammers exploit them and what you can do to verify payment QR codes before transferring money.

The rise of payment QR codes

Payment QR codes have transformed how we pay. From market stalls to utility bills, scanning a QR code to transfer money is now routine in many countries. But this convenience has attracted scammers who exploit the trust people place in QR-based payments.

How payment QR scams work

Sticker swap

The most common attack is simple: a scammer places their own QR code over a merchant's legitimate one. You scan it, confirm the payment, and the money goes to the attacker instead of the shop.

Fake invoices

Scammers send invoices — by email or post — containing a QR code that directs to their own payment account. The invoice may look official, using logos and formatting copied from real companies.

Inflated amounts

Some fraudulent QR codes encode a payment amount much higher than expected. If your payment app auto-fills the amount from the QR data and you don't double-check, you could send far more than intended.

Redirect to phishing

Rather than encoding a payment directly, some malicious QR codes redirect you to a convincing but fake banking login page. Once you enter your credentials, the attacker has access to your account.

How to stay safe

Always verify the recipient

Before confirming any QR-initiated payment, check the recipient name and account details. If the name doesn't match the merchant or person you expect to pay, cancel the transaction.

Confirm the amount

Never blindly accept a pre-filled amount. Compare it against the price you agreed on or the invoice total. Even a small discrepancy could indicate tampering.

Inspect physical QR codes

If you're scanning a printed QR code at a business, check whether it looks like a sticker placed over something else. When in doubt, ask the merchant to confirm their payment details.

Use a QR scanner with safety checks

A standard camera app won't warn you about suspicious destinations. QRDefender analyses the content of QR codes — including payment QR types — and helps flag anything that looks unusual before you act on it.

Be cautious with unsolicited QR codes

If you receive a QR code you didn't request — in an email, text message, or letter — treat it with the same scepticism you'd apply to an unexpected link.

What makes payment QR codes different

Payment QR codes often use specific formats (like EMVCo for standardised payments) that encode the recipient's account, amount, and reference. This structured data makes them powerful but also means more fields that can be manipulated.

Understanding that a QR code can contain more than just a URL — it can carry financial instructions — is the first step to scanning payments more carefully.

Scan smarter

Payment QR codes aren't going away. They're fast, convenient, and increasingly universal. The key is to treat them with the same care you'd give to any financial transaction: verify, inspect, and only confirm when you're satisfied everything looks right.