Scammers never take a break from dreaming up new ways to con people out of their money. Recently, they’ve even been hijacking QR codes to pull scams on innocent victims. Here’s all you need to know about QR code scams and how to avoid them.
What’s a QR code?
Before we can explore the details of these scams, let’s understand what a QR code is and how one works. A QR code, which is an acronym for “Quick Response code,” is a square barcode that can be scanned using a smartphone. It leads directly to a website or app. Businesses use QR codes for any number of reasons, from posting online menus, to scanning coupons, to processing payments and more. In the no-touch era following the coronavirus lockdowns, QR codes are more ubiquitous than ever.
Ironically, QR codes should help prevent fraud, since they take the user directly to the desired site, leaving no room for misspellings or for scammers to lure victims to a bogus website that has a URL that is similar to the legitimate website. Unfortunately, though, scammers have found a way to weaponize QR codes, too. The technology necessary to create a QR code is not accessible for anyone, making QR code scams easy to pull off and difficult to identify.
How the scam plays out
In a QR code scam, a scammer will replace a legitimate QR code with their own code. A target will then scan the code and make a payment for a transaction. Unfortunately, the target has sent their money directly to the scammer and has not made a payment for the transaction as they believe they have.
In a recent QR code scam, fraudsters replaced dozens of QR codes on public parking meters in San Antonio, Texas with their own codes. Drivers seeking to pay the meter costs scanned these codes and sent their payments to scammers. To make matters worse, many victims also unknowingly shared access to their phones with the scammers, setting themselves up for future scams as the criminals use the information on the phone to pull off additional schemes.
How to avoid a QR code scam
QR code scams can be challenging to recognize. For this reason, the FBI has advised against downloading an app from a QR code and/or downloading a QR code scanner app. However, there are ways to keep yourself safe from these scams.
When scanning a QR code, it’s a good idea to treat the link like any other email or text message. Proceed with caution and practice online safety measures as you would with any other online transaction. Check the source of the QR code and the URL that the code directs you to for common signs of a secure site, including a lock icon, an “s” after the “http,” and whether the URL matches with the URL of the intended site destination.
If the webpage or app the code sends you to seems suspicious in any way, leave it. You can access the payment portal you need by visiting the app or website on your own.
When using a QR code, look for these red flags that can indicate a possible scam:
- The URL is different from the home site.
- The QR code is posted on a public sign or notice that seems to be tampered with.
- The site or app the code directs you to is full of typos.
Knowing how to recognize a QR code scam can help prevent you from falling victim to this emerging and quickly growing scheme.
If you were scammed
If you’ve used a QR code to pay for a transaction and subsequently received an email from the company claiming you’ve never completed the payment, or that the payment failed, you may be the victim of a QR code scam. Let the company know that its QR code has been tampered with and alert the FTC as well.
Stay alert when using a QR code and stay safe!