Related blog
Physical fraud has also returned. Scammers place fake parking violation notices on cars with a QR code stating "Pay fine here via d.cscan.com." Because the victim scans a physical paper, they let their guard down.
The safest rule in cybersecurity is context. If you receive an unsolicited QR code via email or text message from a stranger, or if you see a sticker stuck on top of an official sign, do not scan it.
Most d.cscan.com QR codes are designed for Microsoft Authenticator, Google Authenticator, or Okta Verify. Do not use your default camera app’s QR reader; instead, open your authenticator app and select "Add account" or "Scan QR code."
The d.cscan.com URL is a security endpoint utilized by Trend Micro’s Cloud App Security suite. When this URL appears within a QR code, it functions as a Secure QR Gateway. Its primary purpose is not to store data, but to act as an intermediary "safety hop" that inspects the final destination of a link before the user's device connects to it. This mechanism protects users from QR-phishing (Quishing) attacks, malicious drive-by downloads, and exploit kits hidden behind seemingly innocent QR codes.
If you scanned a d.cscan.com QR code and were immediately taken to a page asking for your username, password, credit card, or demanding you download a file (e.g., .apk or .exe):
