QR Code Scams
What is a "QR Code" Scam?
A QR Code scam is a fraud scheme where scammers use a malicious or misleading QR code to send victims to a fake website, payment page, login portal, or malware download. The scam works because QR codes hide the destination link until after the victim scans them, making it harder to judge where the code will lead. Scammers may place fake QR code stickers over real codes in public places, include QR codes in phishing emails or texts, or send them through social media and messaging apps. Once scanned, the code may lead to a page that looks like a bank, parking meter, delivery company, government agency, or payment service. Victims may be tricked into entering usernames, passwords, credit card numbers, banking details, or one-time verification codes. In some cases, the QR code may push the victim to download an unsafe app or approve a payment. The goal is usually to steal money, capture login credentials, or gain access to personal accounts.
How the Scammers Target New Victims:
QR Code scammers reach victims through emails, text messages, printed flyers, parking meters, restaurant tables, posters, package notices, fake invoices, social media messages, and public QR code stickers. They may place fraudulent QR codes in locations where people expect to scan quickly, such as parking lots, payment kiosks, transit stops, or event entrances. They also send QR codes in messages claiming there is a missed delivery, unpaid bill, account problem, security alert, or special offer.
Who the Scammers Impersonate:
QR Code scammers may impersonate:
- Banks and credit unions
- Parking payment services
- Package delivery companies
- Government agencies
- Utility companies
- Retailers and online marketplaces
- Event organizers or ticketing services
- Restaurants, cafes, or menu platforms
- Payment apps and digital wallet services
- Employers, schools, or IT departments
How to Spot a "QR Code" Scam:
What the Scammers Say (Scam Narratives / Fake Storylines):
Scammers may claim that scanning the QR code is required to pay for parking, view a menu, confirm a delivery, fix an account issue, pay a bill, claim a refund, receive a prize, verify identity, download a required app, or access event tickets. Some messages say the victim must act immediately to avoid a fine, missed package, suspended account, late fee, or canceled reservation. Others use fake promotions, coupons, loyalty points, or giveaways to make the QR code seem harmless.
Information the Scammers Ask For:
QR Code scammers may ask victims to enter usernames, passwords, credit card numbers, bank account details, Social Security numbers, dates of birth, addresses, phone numbers, payment app credentials, or one-time verification codes. They may also ask the victim to approve a payment, download an app, grant device permissions, or sign in through a fake login page that copies a trusted brand.
Scam Warning Signs and Red Flags:
Warning signs include a QR code sticker placed over another code, a code on a poorly printed sign, a scanned link with a misspelled or unusual web address, urgent language, requests for sensitive information, payment pages that do not match the official company website, and messages from unknown senders. Be cautious if the QR code appears in an unexpected email or text, leads to a shortened link, asks for a verification code, or prompts an app download outside the official app store. A QR code that requires immediate payment or threatens penalties should be checked directly through the official website or app.
Victim Experiences and Scam Reports:
Victims often report scanning a QR code that appeared to be connected to parking, package delivery, banking, bills, or a public service, then being sent to a convincing fake website. Many victims enter payment information or login credentials before realizing the page was not legitimate. Some notice fraudulent charges, account takeovers, unauthorized payment app transfers, or identity theft attempts afterward. Others report that a fake QR code was physically placed over a real one, making the scam difficult to detect at first glance.
Protect Yourself from "QR Code" Scams:
Dangerous Actions to Avoid:
Avoid scanning QR codes from unexpected emails, texts, flyers, stickers, or unknown sources. Do not enter passwords, banking details, credit card information, Social Security numbers, or verification codes on a page opened from an unverified QR code. Do not download apps from QR code links unless you can confirm the app through the official app store. Do not approve payments, refunds, or account changes just because a QR code page says action is urgent.
Best Practices to Stay Safe:
Inspect physical QR codes before scanning, especially in public places, and look for stickers placed over original signs. After scanning, check the web address carefully before entering information or making a payment. Use official apps or type the company website directly into your browser instead of relying on a QR code for payments or account access. Keep your phone and browser updated, use multifactor authentication, and monitor bank and credit card activity for unauthorized charges. When in doubt, contact the company, agency, or service using a verified phone number or website.
Key Takeaways to Stay Safe:
QR codes can be convenient, but they can also hide dangerous links. Treat unexpected QR codes the same way you would treat suspicious links in emails or text messages. Always verify the destination before entering personal information, logging in, downloading an app, or making a payment. Public QR codes should be inspected for tampering, and sensitive actions should be completed through official websites or trusted apps.
