Don't Get Caught in a QR Code Scam

Scammers never take a break from dreaming up new ways to con people out of their money. Recently, they’ve even been hijacking QR codes to pull scams on innocent victims. Here’s all you need to know about QR code scams and how to avoid them. 

What’s a QR code? 

Before we can explore the details of these scams, let’s understand what a QR code is and how one works. A QR code, which is an acronym for “Quick Response code,” is a square barcode that can be scanned using a smartphone and leads directly to a website or app. Businesses use QR codes for any number of reasons, from posting online menus, to scanning coupons, to processing payments, and more.

Ironically, QR codes should help prevent fraud, since they take the user directly to the desired site, leaving no room for misspellings or for scammers to lure victims to a bogus website that has a URL that is similar to the legitimate website. Unfortunately, though, scammers have found a way to weaponize QR codes, too.

How the Scam Plays Out

In a QR code scam, a scammer will replace a legitimate QR code with their own code. A target will then scan the code and make a payment for a transaction. Unfortunately, the target has sent their money directly to the scammer and has not made a payment for the transaction as they believe they have.

In a recent QR code scam, fraudsters replaced dozens of QR codes on public parking meters in San Antonio, Texas with their own codes. Drivers seeking to pay the meter costs scanned these codes and sent their payments to scammers. To make matters worse, many victims also unknowingly shared access to their phones with the scammers, setting themselves up for future scams as the criminals use the information to pull off additional schemes. 

How to Avoid a QR Code Scam

QR code scams can be challenging to recognize, but we’ve compiled some tips and best practices to help you along your way. When scanning a QR code, it’s a good idea to treat the link like any other email or text message. Proceed with caution and practice online safety measures as you would with any other online transaction. Check the source of the QR code and the URL that the code directs you to for common signs of a secure site, including a lock icon, an “s” after the “http,” and whether the URL matches with the URL of the intended site destination. 

If the webpage or app the code sends you to seems suspicious in any way, leave it. You can access the payment portal you need by visiting the app or website on your own. 

When using a QR code, look for these red flags that can indicate a possible scam:

• The URL is different from the home site.
• The QR code is posted on a public sign that seems to be tampered with.
• The site or app the code directs you to is full of typos. 

Knowing how to recognize a QR code scam can help prevent you from falling victim to this emerging and quickly growing scheme. 

If You were Scammed

If you’ve used a QR code to pay for a transaction and subsequently received an email from the company claiming you’ve never completed the payment, or that the payment failed, you may be the victim of a QR code scam. Let the company know that its QR code has been tampered with and alert the FTC as well. 

Stay alert when using a QR code and stay safe!

To further bolster your online safety and protect your identity from theft, check out our Financial Wellness Resources page. Identity Theft Protection options include monitoring your credit score, signing up for text message alerts, and more. And remember: Community Financial will never call, text, or email our members and ask for their account number, social security number, or other personal information. If you are ever in doubt regarding a communication you've received, please call us at (877) 937-2328.

Your Turn: Have you been targeted by a QR code scam? Share your experience in the comments. 

Community Financial neither endorses the information, content, presentation, or accuracy nor makes any warranty, express or implied, regarding any external site.