Scam Spotlight Series: QR Code Scams
July 30, 2025
QR codes are everywhere—from restaurant menus and event check-ins to payment apps and product packaging. While these square-shaped codes offer convenience, scammers have found a way to exploit them. In this month’s Scam Spotlight Series, we’re diving into how QR code scams work, who they target, and how you can protect yourself.
What Is a QR Code Scam?
A QR code (Quick Response code) is a type of matrix barcode that, when scanned by your phone’s camera or QR reader app, takes you to a website, downloads an app, or initiates an action like sending a payment.
Unfortunately, cybercriminals are using QR codes to trick people into visiting malicious websites that steal personal information, login credentials, or even install malware on your device. These codes might be placed over legitimate ones on signs, flyers, or kiosks—or sent via email, text message, or social media.
According to the Federal Trade Commission (FTC), scammers are increasingly turning to QR codes to carry out phishing attacks and distribute malware. In 2023, QR-related phishing complaints to the FTC rose sharply, especially involving payment scams and credential theft.
Real-Life Example: How Frank Fell for a QR Code Scam
Frank, a busy college student, was walking through campus when he saw a flyer advertising Free Coffee for Students! Just Scan & Show This QR Code. Craving a caffeine fix, he scanned the code, which took him to a website that looked like a coffee shop loyalty program. It asked him to download a small browser plugin to claim the offer.
Without realizing it, the website installed malware on his laptop. Over the next few days, the malware captured his online banking login credentials, and unauthorized withdrawals started showing up in his checking account.
What seemed like a harmless perk ended up compromising his sensitive financial information and led to a stressful, time-consuming recovery process.
How QR Code Scams Work
Scammers use QR codes to:
- Redirect you to phishing websites that ask for your login or payment details.
- Download malicious software onto your phone or computer.
- Launch fake payment requests disguised as legitimate QR codes from service providers or delivery companies.
- Spoof real businesses with counterfeit QR codes on menus, posters, or parking meters.
How to Protect Yourself from QR Code Scams
Here are some steps to stay safe:
- Think before you scan. If a QR code is on a flyer, sign, or email that seems suspicious or too good to be true—trust your gut.
- Check the URL after scanning. If the link looks strange or has a misspelled domain (like riversegde.bank instead of riversedge.bank), do not proceed.
- Avoid downloading apps or plug-ins prompted by QR codes. Use official app stores instead.
- Watch out for QR code stickers. Scammers may place fake QR codes over real ones—especially in public places.
- Enable security software on your devices to help detect and block malicious activity.
- Don’t make payments via QR codes unless you are 100% sure the source is legitimate.
What to Do If You Suspect a Malicious QR Code
If you believe you've scanned a suspicious QR code:
- Immediately close any website it opened—especially if it asked for personal or financial information.
- Run a malware or antivirus scan on your device to check for suspicious programs.
- Change passwords to any accounts you may have accessed after scanning the code.
- Contact your bank if you suspect your online banking or debit card information was compromised.
- Report the QR code scam to the FTC at ReportFraud.ftc.gov, or forward suspicious emails or texts to spam@uce.gov or 7726 (SPAM).
Stay Smart, Stay Secure
QR codes are a powerful tool for convenience—but only when used safely. With scammers getting more creative, it’s important to pause before you scan. As always, your security starts with awareness.
About the Scam Spotlight Series:
Each month, we shine a light on the latest scams that fraudsters use to trick people into giving up their money or personal information. In 2024, consumers reported losing over $12 billion to fraud, with 20-29 and 70-79 year olds being the most targeted age groups, according to the Federal Trade Commission. By sharing real-life examples, we aim to uncover the tactics scammers use, helping you recognize and avoid their schemes. Along the way, we’ll also provide practical tips to safeguard yourself and your loved ones. At Rivers Edge Bank, your safety and security are our top priorities—because protecting your hard-earned money starts with staying informed. To learn more about cybersecurity best practices, visit our Cyber Security page.