Telltale Signs Of QR Code Scams To Watch Out For

QR (quick response) codes are everywhere these days, and millions of people use them each day to access information, make payments, check in, etc. According to the statistics portal Statista, in 2022, approximately 89 million people in the United States used their smartphones to scan a QR code. By 2025, projections put this number at more than 100 million. Unfortunately, the rise of QR code usage has also led to an increase in security risks. Cyber scammers have figured out how to exploit both the convenience of QR codes and overall trust people have in scanning them. As reported by the Federal Trade Commission, if a person scans a fraudulent QR code, they become vulnerable to identity theft.

According to the FTC, scammers are now hiding harmful links inside of QR codes, which, in turn, take people to phishing websites where their personal information can be stolen. The scammers have developed a few different approaches to fooling victims, including placing a sticker over a real QR code and sending phishing text messages or emails that require some urgent action on the part of the recipient. To guard against a possible QR scam, it's important to become familiar with their telltale signs and to trust your gut if anything at all seems suspicious.

Fraudulent QR codes easily look real

Masahiro Hara invented the QR code in 1994 as an engineer at the Japanese automotive company Denso Wave. His goal was to develop a 2D code that would be more efficient for tracking than the one-dimensional barcode the company had been using. Per, the other key to the code was figuring out the ratio of black and white areas to eliminate erroneous reading, which Hara and his team did after exhaustive research.

The final QR code, which can be scanned from any direction, debuted 1 ½ years after the project began. Today, some 30 years after Masahiro Hara came up with his idea, QR codes are used all over the world and in myriad ways, from reading menus to boarding a plane to verifying credentials. The ubiquitous codes (which experienced a resurgence during the pandemic) can hold 7,089 characters and can even work when damaged.

Unfortunately, because all QR codes look similar — and people trust them — this leaves an opening for scammers to manipulate the codes to their advantage. As Angel Grant, vice president of security for the Seattle-based multi-cloud application services and security company F5, explained to AARP, QR codes have been on the radar of scammers from the very start. "Whenever a new technology or a new offering comes out, cybercriminals look for ways to manipulate it," Grant said. "So we've seen criminals targeting QR codes pretty much from when they were originally put out."

Check if the QR code is actually a sticker

In a QR scam, the scammer's goal is to get someone to scan the code. And as per usual, these scam artists attempt to fool victims into thinking the code is perfectly normal. One approach is to print QR code stickers, which the thieves then post in a publicly accessible location, like a parking meter.

Per the Better Business Bureau, in this scam, the scammers put the QR code sticker on a parking meter in a way that makes it seem logical to anyone that this is how they can pay for the spot. Only, the sticker is covering the real QR code, or it has been strategically placed so the consumer doesn't question it. Unfortunately, after the person's paid for the spot at a phishing website, their payment information is now with the crooks, which could likely lead to even more unauthorized charges — especially if it's not caught in time. Further, they might have a parking ticket waiting for them for failure to pay for the parking spot, which, at least, would alert them that they've been scammed.

Speaking to Fox 5, BBB spokesperson Simone Williams said in such situations, touching the QR code is the best way to detect a fake. "Touch the QR code," she said. "See if it's been tampered with, see if there's another QR code on the bottom." In addition to parking meters, fraudulent QR code stickers have been known to appear on fliers, restaurant napkin holders, and public walls.

Question text messages or email with QR codes

Another common way criminals try and scam people through QR codes is via phishing campaigns. Sent through either email or text message, these communications attempt to convince the recipient that they need to attend to a matter quickly, such as a package couldn't be delivered or there's an issue with their account. To resolve the matter, a person is prompted to scan the QR code. This, of course, takes them to a phishing website where their sensitive information can be stolen after logging in or entering any financial information.

Alternatively, fraudsters could make it so that when the QR code is scanned, it installs malware, which then steals the person's information in that way. What's especially problematic is that often people don't realize they've been scammed until much later. According to a U.S. News & World Report survey on identity theft, of the 2,000 U.S. adults surveyed, 34% reported financial losses between $100 and $500 as the result of identity theft, while 15% said they lost more than $1,000. Meanwhile, 60% of respondents said it took them several weeks to regain control of their stolen identity, while 20% said it took a few months

Avoid QR codes linking to discounts or payment

Similar to fake emails and text messages, another reported QR code scam involves fake coupons. Everyone is looking for ways to save money, so when a discount appears for your favorite product or store, it's not surprising if you don't hesitate in using it. Unfortunately, doing so will take you to a fraudulent payment portal where the scammers can access your payment information.

Speaking of payment via QR code, the Better Business Bureau reports of imposter scams, where scammers pretend to be from the government or a utility company looking to settle an outstanding bill. To get the recipient to scan the QR code, the imposter makes false threats, such as additional fees or loss of service. Of course, should this happen to you, trash the communication, report the fraud to the FTC, and call the agency, business, or organization with its real number if you need clarification. The same goes for any email saying a recent payment of yours has failed.

The FBI advises avoiding making payments on a website that you need to navgiate to from a QR code. Instead, the national security organization says to manually enter a website through a trusted URL.

Protecting your identity from a QR code scam

Since making their return during the pandemic, it seems as though QR codes are here to stay, as the shortcut URLs have quickly integrated into our daily lives, in how we access and share information, pay for items, and verify who we are. This said, as use of QR codes evolves, so too, surely, will the fraud perpetrated by tech scammers.

So, just as we need to be on the lookout for credit card skimmers these days, we also need to be on the lookout for QR code scams. To protect yourself from ID theft via QR code scam, it's the same as in other cases involving links and providing your personal information: Be careful, and if something looks off, trust your gut that it could be fraud. For example, in the case of the QR code stickers, ask yourself if the code's location seems at all suspicious.

In its QR code warning, the FBI advised that people, once they've scanned a QR code, to check the URL of the site they're brought to. Does it have any misspellings in it? Is it a different name than you expected it to be? If so, it's a scam. Further, the FBI says not to download an app from a QR code. If you need the app, do so from an app store. And, if you receive a message from someone you know and it includes a QR code, get in touch with them first to confirm the code's authenticity.