Por Eventqode13 de febrero de 2026
restaurant menu QRquishingQR securityphishing

Is your dinner a trap? How to know if a restaurant menu QR code was tampered with

You arrive at a restaurant, sit down, and there it is: a black-and-white square stuck on the corner of the table. You are hungry, you pull out your phone, scan it and... are you sure where that link will take you?

Quishing (QR + phishing) is a scam trend spreading across restaurant tables and terraces. Cybercriminals do not need to hack a restaurant server. They only need a cheap label printer and one distracted second.

Here is how to detect a fake QR code before your bank account pays for someone else's dinner.

1. The surface check (touch before you scan)

It is the most basic method, but also one of the most effective. Restaurants usually print their QR codes directly on the table holder, acrylic stand, or the menu itself.

Red flag: run your finger across the code. If you feel an edge or notice a sticker layered over the original design, do not scan it.

The attacker trick: placing a malicious QR on top of the real one is the fastest way to redirect users to a fake site that asks for personal data or pushes malware.

2. URL anatomy: where are you really going?

When you scan a QR code, your phone usually shows a link preview before opening it. Do not ignore that one-second preview.

Look for inconsistencies: if the restaurant is called "Mario's Pizzeria" but the link points to bit.ly/free-discount-342 or a strange domain like secure-restaurant-menu.xyz, be suspicious.

HTTPS matters: while not a total guarantee, if the link starts with http:// (without the secure S), close it immediately.

3. Does it ask you to download a file? Run

A restaurant QR code should lead to a web page or a PDF that can be viewed in your browser.

Golden rule: if your phone asks, "Do you want to download menu.exe or install this app?" stop right there. No salad in the world requires software installation.

4. Suspicious design signals

Scammers are often sloppy with visual details. Check these signs:

  1. Poor contrast: the QR looks blurry, pixelated, or crooked like a bad photocopy.
  2. Contradictory information: the QR says "Daily Menu" but the poster design talks about an unrelated drink promotion.

5. What to do if you already scanned it (emergency protocol)

If the page asks you for any of these:

  1. Facebook or Google credentials to "view the menu".
  2. Card details to "place your table order" on an unknown website.
  3. Permission to access your camera or contacts.

Close your browser and notify the restaurant manager. You protect yourself and every customer who sits at that table after you.

Conclusion: a physical menu is always an option

Do not let technology ruin your evening. If a QR code feels off, ask for a printed menu. It is analog, it never runs out of battery, and most importantly: nobody can hack laminated cardboard.

SEO security tip

If you run a restaurant, use white-label dynamic QR codes. That way, customers see a trusted link like your-restaurant.com/menu instead of a random character string, which increases confidence.

Has a QR code ever taken you to a strange website? Share your experience in the comments and help others avoid the trap.