For those who don’t know, it’s where someone takes a QR code like on a poster for a concert and puts a sticker with a different QR code on top to a fake website that looks like the concert website (or a Rick Roll).
The obvious answer is to scratch off the QR code if you notice it’s a sticker, but It’s not always acceptable -or legal- to start damaging stuff to check if it’s real or not. Also what if it’s out of reach on a sign or something?
You can’t put a little text under saying what the website is as a sort of checksum because the vandal can just write their own website under their sticker.
Easy: Don’t scan QR codes. Manually enter the URL yourself. I haven’t seen any QR codes advertised anywhere that don’t also include the URL somewhere on the flyer, commercial, menu, etc.
Have seen some in a political campaign. White campaign poster only with a QR code … it was looking like the biggest phishing tactic so rip them out