Scan or Scam? Uncovering the Dangers of QR Codes

You see them everywhere — on parking meters, promotional materials, gas station pumps, and in restaurants and retail stores. The small squares featuring intricate patterns and boxes known as QR (Quick Response) codes are designed for easy scanning with your phone. These codes serve as a convenient way to link to websites without requiring you to manually enter URLs into your phone, but they can also pose an opportunity for criminals to defraud you.

Can QR codes be dangerous?

QR codes can present significant risks, so always think before you scan. Cybercriminals can place counterfeit QR codes on menus, signs and parking meters to redirect users to phishing websites that mimic legitimate login pages. Scammers also target unsuspecting victims by sending fraudulent QR codes in texts or emails. They make up urgent stories — like your package wasn't delivered or there's a problem with your account — to make you worry and scan the code quickly.

When someone unknowingly enters their credentials on a fake website, hackers can gain unauthorized access to sensitive accounts such as email, banking or social media. Hackers can also program harmful code within QR codes, allowing them to install malware, access personal data and launch other attacks.

How to check if a QR code is safe

The FBI released a public service announcement offering these best practices to verify that a QR code is safe and to avoid being scammed:

• Once you scan a QR code, check the URL to make sure it is the intended site and looks authentic. A malicious domain name could appear real at first glance but be off by a letter or contain other typos.
• Be wary of entering personal or financial information from a site accessed via a QR code.
• Verify the QR code with the company or sender through a trusted telephone number to make sure the code is from them.
• Avoid making payments through a site accessed from a QR code. Instead, manually enter the provider’s known and trusted URL to complete payment.

Exercise caution every time you scan.

So, are QR codes safe? Generally, yes. QR codes can be a safe and convenient tool for accessing information and services, when from a trusted source and used responsibly. Just keep an eye out for anything that seems suspicious, and take steps to verify the legitimacy of the source before scanning a code. This can significantly reduce the risks associated with malicious QR codes. The FBI encourages anyone who believes they have been a victim of a tampered QR code to report the fraud to their local FBI field office at www.fbi.gov/contact-us/field-offices.