QR codes are everywhere, from utility statements to restaurant menus. They make life faster and easier, letting you pay bills, check out or access information in seconds. However, that same convenience can cause you to let your guard down. Millions of Americans have already fallen for QR code scams, with the Federal Trade Commission and several state agencies sounding the alarm. All it takes is one careless scan to expose your personal data, drain your bank account or infect your device with malware.
Before scanning your next code, take a moment to learn how to spot and avoid scams.
What are QR code scams?
Also called “quishing,” QR code scams lure targets with fake codes that look normal but are set up to steal your personal or financial information. Since you can’t see a QR code’s destination before scanning, it’s an ideal disguise for fraud.
How do QR code scams work?
QR code scammers prey on your tendency to quickly scan QR codes without verifying authenticity, especially if you’re in a hurry or curious. Like most scams, crooks prefer to blend in with what feels normal and intercept authentic transactions or communications. Remember, most QR codes are legitimate and designed to help you pay bills, send and receive money or get information quickly. But it’s this trust scammers take advantage of to deceive users.
For example, you might be rushing to pay for parking and notice a QR code on the parking meter. Instead of the city's payment site, you land on a fake page that steals your credit card details as soon as you enter them. Or you might receive an unexpected package with a note containing a QR code, urging you to scan to reveal the sender's identity or get more information. Even if you don’t enter anything, visiting the site might download malware that reads all of the sensitive data on your phone or tracks keystrokes.
In both scenarios, scammers take advantage of the widespread acceptance of QR codes and the speed with which people scan them, turning a convenient technology into a powerful tool for fraud schemes.
Protect yourself from QR code scams
You don’t need to become a cybersecurity expert to avoid this scam. A few simple habits can keep you safe while still enjoying the convenience these codes offer.
- Make double-checking your default.
Get in the habit of verifying QR codes through a second method when possible. If it's for a restaurant menu, ask the server. If it's for parking, check if there’s a phone number on the meter you can call. Building this backup routine can save you from scams.
- Perform a QR code sticker check.
If no one is available to verify whether the QR code is authentic, do a self-check. Look for signs of tampering, like a fresh sticker covering the original code. If the edges look uneven, the paper seems newer than its surroundings, or something just feels off about its placement, you might be dealing with a fake code.
3. Find out where the code takes you.
Many newer phones preview the web address before opening the site. Take advantage of this feature. If you're expecting to land on a familiar website but see a suspicious-looking URL instead, close it immediately. If your phone doesn’t show a preview, consider using a security-enabled QR code scanning app.
4. Find alternatives.
When something feels suspicious, explore other ways to complete your task. Instead of scanning a questionable code, navigate directly to the company's official website through your browser or call the customer service line. This slight delay could save you hours of financial headaches trying to undo the damage caused by the scam.
5. Limit app permissions and keep your device secure.
Before scanning, make sure your device’s security settings are updated, and avoid granting unnecessary permissions to access your contacts or files. Keep your operating system and security software up to date to protect against malware that could be delivered via malicious QR codes.
What to do if you suspect a QR code scam
If you believe you've scanned a suspicious code and entered personal information, immediately change any entered passwords and contact your financial institution or credit card company so they can help secure your accounts.
Just as you'd look both ways before crossing a street, exhibit caution before you scan. These simple habits can help keep your finances safe while preserving the convenience you already enjoy. For more tips on protecting your accounts, explore our fraud section designed to help you confidently manage your online security in today's world.