QR codes are versatile for storing and sharing information quickly and its usage has risen since the start of the COVID-19 pandemic. Maybe you’ve used them for opening menus at a restaurant, linking to mobile payments for various bills, or have seen advertising and marketing materials. But, as this trend rises, so do the chances of scams and fraudulent activity.

While data is currently gathered on QR code scams through various agencies, the Better Business Bureau has shared “QR code scams are making the rounds in cities” across the United States. Still, it’s important to know how to protect yourself and loved ones from potential QR code scams.

Potential fraud indicators

It can be difficult to spot fraudulent QR code scams, but there are a few key items to look for before scanning any type of QR code:

  • Misspellings and grammatical errors in the hyperlink address, company name or text accompanying the code.
  • A shortened URL link.
  • Unsolicited QR codes from unexpected or unknown senders.
  • Discoloration or changes in a company logo.
  • QR code stickers placed on top of ads.
  • Overseas investment opportunities requesting payment by Bitcoin.

Your world and QR code scams

Sometimes it’s hard to imagine falling for a scam yourself. They can sometimes seem so obvious, and yet other times they take people by surprise. Here are two recent examples of QR code scams:

Surprise packages: Recently, people have reported receiving unexpected packages in the mail that only contain a QR code inside. These codes are often accompanied by text stating, “Scan this code to see your gift!” Once scanned, scammers gain access to that person’s device and any information saved to the device.

Parking meter scams: QR codes to pay for parking have become a popular practice in cities to help people quickly pay for their parking spot. Scammers have recently started to put up false QR code parking signs as well as placing fraudulent QR code stickers over the official QR code. Unsuspecting people will scan these codes to try to pay for their parking online and unknowingly share access to their device as well as any financial information they input to “pay” for parking.

What you can do

Although it is impossible to prevent all fraudulent behavior when scanning QR codes, there are some steps that you can take to protect yourself:

  • Confirm the validity of any sites. If you scan a QR code and it takes you to a website that looks concerning, exit out of the site immediately. Do not give any personal information.
  • Only use a credit card when paying through a QR code. This prevents banking information from being shared and prevents the loss of money within a bank account.
  • Do not open links from strangers. When possible, type in a physical website link into a web browser to prevent using a QR code.
  • Confirm a QR before scanning. If you receive a code from a family member or a friend (especially through social media), ensure you confirm with that person if they meant to send it to you, or if they have been hacked.
  • Be skeptical if a QR code looks tampered with, including if a new QR code is placed over an old one, if the advertisement creates urgency to scan, or if there is a lack of information provided.

Utilize VSAFE.gov or call 833-38V-SAFE to report fraudulent activities or to review resources.

Additional resources

For more information regarding the do’s and don’ts of QR code fraud prevention, read the VSAFE QR Code Fraud One Pager (PDF, 1 page, 458KB).

To protect yourself, your friends and your family from QR code fraud, here are some additional helpful resources:

Topics in this story

Leave a comment

The comments section is for opinions and feedback on this particular article; this is not a customer support channel. If you are looking for assistance, please visit Ask VA or call 1-800-698-2411. Please, never put personally identifiable information (SSAN, address, phone number, etc.) or protected health information into the form — it will be deleted for your protection.

6 Comments

  1. courtland D hoggard November 20, 2024 at 10:45 - Reply

    all of this is good info, but when i tried to use the buddy locator it didn’t work.
    please advise or send me the proper link.

    thanks

    cd Hoggard

  2. francis reif November 16, 2024 at 08:08 - Reply

    very interesting, it is important to be aware of this type of criminal activity.

  3. Omar November 15, 2024 at 01:23 - Reply

    Great reminder! It’s easy to overlook the risks associated with QR codes—always better to stay safe and verify before scanning.

  4. John E Albertini November 14, 2024 at 02:53 - Reply

    I never gave it a thought about the QR codes , what next ? Thank you for your advice .

    • b.f. November 23, 2024 at 19:56 - Reply

      The Rule of Thumb is very simple:
      If you don’t actually HAVE to use it, DON’T.
      “Latest and Greatest” is going to be good for someone, and that ‘someone’ isn’t likely to be you.
      Go for the tried and true. It’s worked fine in the past, why abandon it?

  5. Allan Fedor November 13, 2024 at 18:20 - Reply

    This is bullsh-t and confusing to most of us. The author needs to show how we [the great unwashed] can avoid this type of scam. Re-do the information so that we can actually deal with it.

Leave A Comment

More Stories