Beware of fraudulent QR codes used in a variety of scams

With more and more businesses using QR codes to direct current or potential customers to their websites, mobile apps, digital marketplaces, or anything else available on the internet, codes have become an expected part of a business’s marketing. . Unfortunately, while there are many legitimate and useful uses for QR codes, scammers are also taking note of their growing popularity and using them to carry out various schemes.

Consumer reports to the Better Business Bureau (BBB) ​​and warnings issued by police departments in cities across the country detail how certain QR codes are created to direct users to phishing websites, fraudulent payment portals and downloads that infect devices with viruses or malware. Although the way victims are exposed to QR code fraud varies, a common theme identified in reports is that most come from unsolicited communications or from a QR code posted in a publicly accessible location.

Here are some recent ways scammers are using QR codes:

Parking meter payment. Fraudulent QR codes are often placed on the back of parking meters, leading victims to assume they can pay for parking via the QR code if they don’t have change. Scammers can easily create a QR code for free online, which they then print on stickers and conceal an actual QR code or somewhere it makes logical sense. After paying for the space via QR code, some victims return to find that their vehicle has been towed away or given a parking ticket for non-payment, multiplying the amount of money lost.

Cryptocurrency wallets and romance scams. The rise of cryptocurrencies has changed traditional thinking about investments, and the confusion surrounding these transactions makes it a breeding ground for scammers to wreak havoc. Cryptocurrency trading is done online, and the easiest way for legitimate and fraudulent merchants to direct investors to their digital wallets is by using a QR code.

BBB has discovered that some scammers are willing to spend months of their time building a romantic relationship with a victim, eventually gaining enough trust to convince the victim to provide financial assistance through a cryptocurrency exchange, or invest in what looks like a great cryptocurrency investment opportunity. . Believing that the scammer has an urgent need or has their best interest in mind, the victim follows the provided QR code and transfers the requested amount to the scammer’s digital wallet.

Phishing scams. The design of QR codes prevents the user from knowing where the code will direct them after scanning, allowing scammers to send victims to phishing websites or downloads that will infect devices with malware. After scanning a code found in an email, text message or flyer, some victims are directed to a website that asks for personal information that can lead to identity theft, compromised passwords for online accounts line or downloads that track user activity on the device.

Many phishing attempts start with a notification of “suspicious activity” on an online account and include a link or QR code that allows the user to verify their identity. In reality, the information provided goes to a scammer, which he then uses for other purposes.

The impostors of public services and government. Many consumers report being contacted by someone claiming to be from their utility company, the Social Security Administration, or the IRS about an outstanding debt that they must immediately pay in full. The “representative” states that failure to pay the unpaid bill will result in either arrest, additional fines or closure of access to public services, but these contacts are being made by imposters.

From there, the impostor will likely claim that the usual payment portal for these services is currently offline, but the victim can submit the payment through another portal which they can easily access by following a link or scanning a QR code . The payment portal the victim is directed to often mimics the real portal down to the smallest detail, making it legit.

False sense of security. In some cases, consumers who turn to BBB report that the QR code sent to them goes to the website of a legitimate and reputable company or agency. This could be the case when someone tries to add legitimacy to their claims that they are employed by them. You may even see a QR code that goes to an “employee profile” which includes official logos, badge numbers, professional portraits, and additional information designed to allay any fears.

In either case, the key will be to ensure that you are not directed to the reputable company for any submission of information, including account information or payment. BBB and law enforcement find that once a scammer is convinced that they have convinced their target that they are representing a reputable company, the likelihood of the victim providing the requested information or money increases dramatically. .

To avoid QR scams, the Better Business Bureau recommends:

Do your research. Although fake QR codes are difficult to detect, taking the time to do your research before clicking on a code – especially one shared with you via unsolicited communication – can go a long way to avoiding a scam.

Even if you seem to be receiving a QR code from a family member or friend via text, text, or email, be sure to confirm with that person through a different type of contact than they told you. actually sent before clicking anything or opening an attachment. . This means you need to call or text them on the number you know belongs to them.

Do not open links from strangers. If you receive an unsolicited message from a stranger containing a QR code, BBB strongly advises against scanning it. If the message promises exciting freebies or investment opportunities on the condition that you “act now”, be even more careful. Scammers use this type of language consistently and rely on their targets to make immediate decisions before taking the time to verify its authenticity.

Beware of short links. If a shortened URL appears when you hover your camera over a QR code, there’s no way to know where it will take you once you follow the link. Make sure you are sure the QR code is legitimate before following any short links as it may send you to a malicious website. Once on the website, look at the URL and verify that the domain and subdomain make sense to the organization supposedly operating it. Scammers often change domain and subdomains for URLs or slightly misspell a word to make websites look legitimate.

Check for tampering. Some scammers attempt to mislead consumers by altering legitimate commercial advertisements or placing stickers over the QR code. Keep an eye out for signs of tampering and, if discovered, ask the company to verify that the QR code displayed is genuine. Most businesses permanently install scannable QR codes in their establishments using laminate or placing it behind glass. They will often include the company logo in the code itself, often in the middle.

If you’ve been the victim of a QR scam, report it at You can also reach your BBB at 423-266-6144.

Michele Mason is president of the Better Business Bureau in Chattanooga.