Please ensure Javascript is enabled for purposes ofwebsite accessibility

Consumer Alert: Beware of malicious QR codes


A person uses a smartphone to scan a QR code. (WJAR File Photo)
A person uses a smartphone to scan a QR code. (WJAR File Photo)
Facebook Share IconTwitter Share IconEmail Share Icon

By now, most of us know to watch out for malicious links, but what about malicious QR codes?

QR codes -- QR stands for quick response -- have surged in popularity, especially since the start of the pandemic.

The square barcodes, which users can scan with their phones at parking meters, restaurants and on return labels, are an easy way to direct consumers to a website URL.

Unfortunately, they have also created a huge opportunity for scammers.

“What the scammers will do is they will create a QR code, put it on a sticker and put that over the QR code at the parking meter. So, this is one way someone who thinks they're going to be paying to the real traffic authority is actually going to a website and giving their credit card to the scammer,” said Steve Weisman, a Bentley University professor and author of "Identity Theft Alert."

Weisman said consumers are more trusting of QR codes because the technology is still relatively new. He said scammers are exploiting that trust and using QR codes in a number of different, malicious ways.

“The bad guys are looking to do three possible things,” says Weisman. “One is to get you to provide personal information, and then that will make you a victim of identity theft.”

He continues, “The second is to get you to pay for something, such as maybe the parking ticket or the parking cost.”

Finally, he explains, “The third is just by clicking on and scanning that QR code, you may be actually downloading malware.”

So how do you know whether you can trust a QR code?

  • When you see the URL link pop up on your camera, make sure it starts with "https:".
  • If the link takes you to static website, such as a pdf version of a menu, you're probably safe.
  • If the site is asking for personal or financial information, proceed with caution.
  • Avoid using a QR code to make a payment, you're better off manually typing in the URL.

If you have to make a payment using a QR code, remember to pay with credit, not debit. Credit card charges are much easier to reverse in the event of a scam.

Loading ...