When you receive email that doesn’t seem quite legit, you’ve been warned not to click on links or open unknown email attachments. Now there’s something new you need to be on the lookout for. The Better Business Bureau (BBB) is warning consumers about phishy QR codes.

What Is a QR Code?

A QR (Quick Response) code looks like a block of black and white squares, but it’s actually an interactive link you can scan using your smartphone’s camera. The code contains information that tells your device to pull up a restaurant menu, open your browser to a particular web address, download a file, or launch an app on your phone.

The benefit of QR codes is that they’re easy to use and easy to put on, well, pretty much anything! They’ve become increasingly popular during the COVID-19 pandemic because they can allow you to do things using your own device, instead of using shared items such as pens and menus. Heck, even TDS uses them at events so you can easily enter to win prizes.

Phishy QR codes

Cybercriminals have discovered that, just like a link in a phishing email, they can use QR codes to try and trick you into revealing information. QR code links can take you to a website that asks you to enter personal information or login credentials. The BBB also says, “other times, con artists use QR codes to automatically launch payment apps or follow a malicious social media account.”

Making a QR code is also quite easy, thanks to many free websites, and the code creator can link to anything they choose. A malicious QR code can be put in an email or printed fliers, and some scammers are posting them on social media, too. Malicious codes have even been put onto into stickers and used to “hijack” a legitimate QR code.

How to avoid QR code scams

The BBB offers tips for how to avoid QR scams:

  • If someone you know sends you a QR code, also confirm before scanning it. Whether you receive a text message from a friend or a message on social media from your workmate, contact that person directly before you scan the QR code to make sure they haven’t been hacked.
  • Don’t open links from strangers. If you receive an unsolicited message from a stranger, don’t scan the QR code, even if they promise you exciting gifts or investment opportunities.
  • Verify the source. If a QR code appears to come from a reputable source, it’s wise to double check. If the correspondence appears to come from a government agency, call or visit their official website to confirm.
  • Be wary of short links. If a URL-shortened link appears when you scan a QR code, understand that you can’t know where the code is directing you. It could be hiding a malicious URL.
  • Watch out for advertising materials that have been tampered with. Some scammers attempt to mislead consumers by altering legitimate business ads by placing stickers or the QR code. Keep an eye out for signs of tampering.
  • Install a QR scanner with added security. Some antivirus companies have QR scanner apps that check the safety of a scanned link before you open it. They can identify phishing scams, forced app downloads, and other dangerous links.


Leave a Comment