Scammers are always dreaming up new ways to con people out of their money. Recently, they’ve figured out a “quick” way by hijacking QR codes. Here’s what to know about QR code scams and how to avoid them.
What’s a QR code?
Before we explore this scam, let’s get the skinny on QR codes. A QR code is a square barcode that can be scanned using a smartphone. It goes directly to a website or app. Businesses use QR codes for many reasons, like posting online menus, scanning coupons, processing payments and more.
How the scam plays out
In a QR code scam, a scammer replaces a legitimate QR code with their own. A target scans the bogus code thinking it’s legit. They make a payment for a transaction and, unfortunately, the target has sent their money right to the scammer. Often, the scam also gives the scammer access to the victim’s phone and information.
How to avoid a QR code scam
When scanning a QR code, practice basic safety measures. Check the URL that the QR code directs you to for common signs of a secure site, including a lock icon and an “s” after the “http”. If the webpage or app seems suspicious, get out. You can access the merchant’s payment portal by visiting their app or website directly. The FBI also advises against downloading an app from a QR code and/or downloading a QR code scanner app.
When using a QR code, look for these red flags:
- The URL is different from the home site.
- The QR code is posted on a public sign or notice that looks tampered with.
- The site or app the code directs you to is full of typos.
If you were scammed
If you’ve used a QR code to pay for a transaction and then received an email from the company claiming you’ve never completed the payment, or that the payment failed, you may be the victim of a QR code scam. Let the real company know its QR code has been tampered with, call your financial institution, and alert the FTC.
Stay alert and stay safe!