QR codes are everywhere. You can find them at restaurants, on flyers, on billboards, and more. However, not all QR codes are safe to scan. Learn more about common QR code scams so you can protect yourself.

The Library and Information Technology Services at Trinity College is warning our community to be on the lookout for QR (or quick response) code scams.

In the last few years, there has been a dramatic increase in the use of QR codes by businesses in an effort to help consumers instantly access smartphone applications and other electronic information. Fueled by a desire for touchless transactions during the pandemic, many restaurants stopped distributing paper menus and instead posted QR codes at tables. Diners use the QR codes to access menus, process food orders, and complete payments electronically. QR codes have also proven to be convenient for tracking packages and locating information about events, recipes, and healthcare tips.

QR CODE FRAUD: Unfortunately, QR codes can also be used for criminal purposes. Scammers can use QR codes to trick consumers into downloading malware or personal information. For example, you may receive an email, a social media message, a flyer, or a notice posted on a community bulletin board with a QR code promising links to useful information. Rather than take you to the application or site you intended to access, however, the QR code may take you to a phishing site that asks you to enter personally identifiable information or financial account information and credentials, all so that scammers can steal it from you. Fraudsters may even paste a phony QR code on top of an existing QR code; signs that a QR code has been tampered with are a red flag that signals a potential scam. The codes themselves are not dangerous – it’s how they are used that is the problem. There are different ways that QR codes are used to steal or commit fraud.

Scammers often send phishing emails that contain QR codes. This technique is known as “quishing.” These emails will pose as a credible company and ask you to scan the QR code in their email. For example, they may say that your payment from an online purchase didn’t go through, and you need to re-enter your credit card information by scanning the QR code. Unsuspecting victims will scan the QR code, enter a legitimate-looking website, and enter their payment information. Now, the cybercriminal has access to their credit card information. 

PROTECT YOURSELF: The Better Business Bureau suggests ways to protect yourself from becoming the victim of a QR code scam:

  • Make use of QR scanner applications (apps) developed by antivirus companies to check the safety of a scanned link before you open it. The apps can identify phishing scams, forced app downloads, and other dangerous links.
  • Independently verify the source of the QR code, even if the source appears to be a federal, state, or local government agency. Call or visit the official webpage of that agency and request that they verify the QR code’s authenticity.
  • Contact the sender of the QR code directly before you scan it—even if the QR code was sent to you by someone you know through the U.S. mail, an email, text, or social media site—to confirm that the sender was not hacked.
  • Most importantly, Avoid scanning QR codes presented in unsolicited emails, text messages, or social media messages arriving from someone you don’t know, particularly ones that ask you to scan a QR code in order to claim a gift or take advantage of an investment opportunity.

REPORT FRAUD: If you believe you have been the victim of a QR code scam or other financial fraud, file a report with the Federal Trade Commission (FTC) at reportfraud.ftc.gov or call the FTC’s Consumer Response Center at 877-382-4357.

You may also contact Trinity College’s Information Security Team by submitting a ticket or calling the help desk at 860-297-2100