BBB Scam Alert: Watch out for fraudulent QR codes
By Better Business Bureau. July 30, 2021.
Companies use QR codes to point consumers to their apps, track packages, or view menus. But because these codes can’t be read by the human eye, they have become a way for scammers to disguise malicious links. As QR codes get more popular, BBB Scam Tracker is seeing more reports of con artists using them to mislead consumers.
How the Scam Works
You receive an email, a direct message on social media, a text message, a flyer, or a piece of mail that includes a QR code. You are supposed to scan the code with your phone’s camera, and it will open a link. In some scams, the QR code takes you to a phishing website, where you are prompted to enter your personal information or login credentials for scammers to steal. Other times, con artists use QR codes to automatically launch payment apps or follow a malicious social media account. These scams differ greatly, but they all have one thing in common. Scammers hope you will scan the code right away, without taking a closer look. QR codes often appear to come from legitimate sources, so make sure any correspondence is legitimate before you scan the code.
For example, one victim told BBB Scam Tracker that they received a fraudulent letter about student loan consolidation. It contained a QR code that appeared to link to the official Studentaid.gov website. The QR code helped the program, which was a fraud, appear official.
In addition, Bitcoin addresses are often sent via QR codes, which makes QR codes a common element in cryptocurrency scams. One consumer who was contacted by a “binary and forex trader” through Instagram about an investment opportunity said, “after I had paid the withdrawal fee through the Bitcoin machine and sent it to the QR code I was provided, I received another email saying I needed to pay a Cost of Transfer fee. This is when I figured out that something wasn’t right.”
How to Avoid QR Scams
- If someone you know sends you a QR code, also confirm before scanning it. Whether you receive a text message from a friend or a message on social media from your workmate, contact that person directly before you scan the QR code to make sure they haven’t been hacked.
- Don’t open links from strangers. If you receive an unsolicited message from a stranger, don’t scan the QR code, even if they promise you exciting gifts or investment opportunities.
- Verify the source. If a QR code appears to come from a reputable source, it’s wise to doublecheck. If the correspondence appears to come from a government agency, call or visit their official website to confirm.
- Be wary of short links. If a URL-shortened link appears when you scan a QR code, understand that you can’t know where the code is directing you. It could be hiding a malicious URL.
- Watch out for advertising materials that have been tampered with. Some scammers attempt to mislead consumers by altering legitimate business ads by placing stickers or the QR code. Keep an eye out for signs of tampering.
- Install a QR scanner with added security. Some antivirus companies have QR scanner apps that check the safety of a scanned link before you open it. They can identify phishing scams, forced app downloads, and other dangerous links.
For More Information To learn more about protecting your information online, read the BBB's tips on data privacy and cyber security. If you’ve been the victim of a QR scam, report it at BBB.org/ScamTracker. Your report can help educate and protect your fellow consumers.