Beware of the QR Code Scams

“Although scanning is easy for you be careful not to damage your transparency”.

For the time being, most the citizens be aware of the usual scams that need attention. Phishing emails trying to steal your account logins. Misspelled URLs attempting to access your bank accounts. Fake online storefronts charging you for products they never intend to send. Well, it’s time to be on the watchtower for yet another growing scam: Fake QR code scams. Cybercriminals are increasingly using malicious QR codes to trick consumers.

What is a QR code

QR codes are those little square barcodes that take you directly to a website or app when you scan them with your smartphone camera. QR codes are frequently used to track information about products in a supply chain. They are often used in marketing and advertising campaigns.


A QR code is a two-dimensional barcode that the Japanese automotive manufacturer Denso Wave invented in 1994. It’s a machine-readable label that contains information about a specific product such as identification, location and a pointer to an application or website. A QR code can use any of four encoding modes, including alphanumeric, binary, numeric and kanji. They may also use extensions for these modes.

The return of the QR Code

Over the years, a wider mobile network coverage coupled with an increase in smartphone web content has created the perfect conditions for the return of the QR Code.

Coupled with the integration of a Code reader in the latest iPhone and Samsung phones, they have become much more accessible. They are eliminating several inconvenient steps, and granting quicker access to valuable information that gives more transparency.

You see QR codes just about everywhere these days. The square barcodes show up everywhere: real estate listings, TV ads, and social media posts. The pandemic fueled a surge in the use of QR codes. Seeking to cut down on possible transmission, restaurants replaced physical menus available to all customers with online versions.

  • However, as with most new and growing technologies, scammers have found a way to weaponize QR codes too.


The malicious QR codes can add unknown/suspicious contacts to the mobile contact list. They can connect the victim’s device to a malicious network. The malware embedded in the QR code can automatically initiate phone calls, draft emails, and send text messages. It can reveal the user’s location.

QR codes can also load malware to steal financial information and then withdraw funds from victim accounts, the FBI warns. There are parallels between email phishing and malicious QR codes stuck in public spaces

QR codes seem like they were made to deter phishing. There’s no need to type in a link and accidentally misspell it, which could result in the user being sent to a scam website meant to mimic the actual legitimate site they meant to visit. Just scan the QR code and you’ll go right to the real website you intended to go to.

The most common QR scam of this type involves distributing content that contains a QR code, which could be a piece of mail, flyer, text message or social media post. The code typically opens a web page when victims scan the QR code with their camera. This website is usually a phishing website controlled by the scammer that resembles a legitimate website. In this case, the website prompts the victim for personal information, especially login credentials.

QR scams differ greatly in their execution, but they generally rely on the victim scanning the code without thinking about what they’re doing. In particular, scammers hope that the victim won’t consider the QR’s source before scanning it. Cybercriminals quickly took note and are starting to exploit the technology’s undeniable convenience. Scammers are creating their own malicious QR codes designed to dupe unwitting consumers into handing over their banking or personal information. For example, a victim may receive a letter claiming to offer a consolidation for student loans. This scam can be highly effective when it’s sent to someone who is currently paying off a student loan. Another approach is to use QR codes to launch a payment app or follow a social media account that the scammer controls.

Scammers can also embed a Bitcoin address in QR codes, which is a common form of crypto currency scam. Consumers may receive a message on a social media platform purporting to be from a forex trader offering an investment opportunity.

The victim is expected to pay a withdrawal fee through a Bitcoin machine and send it to the provided QR code. Next, the victim receives an email requesting a transfer fee, which should tell the victim that the message is a scam.

Further incidents

In December, QR codes started popping up on public parking meters in San Antonio, Texas. Simply pull out your phone, scan the familiar barcode, and pay for your parking spot. Quick and simple, right? Not so. When the San Antonio Police Department was notified, they alerted the public: It was a scam.

Fraudsters had actually placed their own QR codes on public parking meters across the city. Drivers who used them to pay the meters were actually sending their money or sensitive financial account information to the scammers. “Ars Technica” points out, other major cities in Texas, such as Austin and Houston, have reported similar parking meter grifts.

QR codes still make up just a small fraction of the scams proliferating across the web. However, the Better Business Bureau has experienced a noticeable enough uptick on its scam tracker to put out its own “scam alert” on QR codes last year. The technology has become accessible enough where anyone can make their own QR codes now.

How to prevent or mitigate risk

Confirm that the code came from the party you think it did. Contact that party directly and ask if they sent the QR code before scanning it.

Treat QR codes you come across you just as you would any other email you receive or link that gets text messaged to you.

Double-check the source of the QR code and the URL the QR code forwards you to just as you would when you receive an email with a link inside.

If something feels off about a page that the QR code directs you to, type out the URL yourself if you know it. These links are accessible without the barcode. Be on the lookout for advertisements and public notices that are tampered with too. A fraudster can easily stick their own QR code over a legitimate one on a poster or flyer you come across offline.

Look for signs of tampering in advertising materials. Scammers may alter legitimate business ads by placing a sticker with their QR code over the ad’s original QR code. Use extreme caution when a QR code uses a Tiny URL, which is an abbreviation of the complete URL. In this case, you don’t know where the URL will direct you, so it could be a scam.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button