AARP Hearing Center
In this story
Explaining QR codes • How scams work • Common scams • Protect yourself • Report scam
QR codes, those black-and-white squares you can scan with your phone, have become ubiquitous. Display a QR — “quick response” — code on your phone, and it can serve as your ticket for an airline flight or sporting event. Scan a code to see a menu or learn when the next bus is due.
QR codes increasingly used in ads make it easy to access a website. They’re on product labels and business cards. Scanning a code might lead you to a page with more information or a coupon. It also could lead you to malware.
Using a QR code could allow a criminal to direct you to a fraudulent domain where they try to steal your money or grab your personal and financial data or login credentials.
How scams work
QR codes have been around since the ’90s. They became more prevalent with the use of smart phones and really took off during the pandemic, when restaurants and other businesses embraced contactless technology, says Jennifer Pitt, senior analyst at Javelin, a research and advisory firm.
QR codes can make reaching a website hassle-free. The problem is the naked eye can’t detect which codes are genuine and which are the work of scammers. QR codes can be created quickly and are cheap to distribute. “It’s ridiculously easy,” Pitt says, and that makes them an effective tool for criminals.
Common fake QR scams
Tampering with legitimate codes. Criminals may create a QR code and print it on stickers they will plaster anywhere. “They’d put a sticker over a legitimate QR code on the parking meter, and you’ll be sending the money to them,” says Steve Weisman, a law professor at Bentley University in Waltham, Massachusetts, and editor of Scamicide.com.
Printing fake QR codes on flyers. Restaurants often use QR codes instead of menus, and criminals may scatter their own QR codes there, at other businesses or public places, hoping you’ll go to their impostor site.
Including fake QR codes in emails or texts. Criminals include a code for you to click on in the body of a message. This is the most common QR scam, according to Weisman. “We’ve seen it with tech support … they (try to) get personal information or a payment,” he says. Scammers pretend to be a business, such as your bank or Netflix, and tell you there’s a problem with your account and you must act immediately. They give you a QR code purportedly to access the business they’re impersonating. Since QR codes displayed on your phone serve as admission to sporting events and concert venues, criminals may sell you phony sports or concert tickets.
Printing and mailing. Scammers may send you a letter through the Postal Service with a QR code offering loan forgiveness, demanding you pay a bill or offering big discounts.
More From AARP
Four Election Scams to Avoid This Year
Criminals may target voters with bogus websites and other fraudMany Americans Worry About Becoming Scam Victims, New Report Finds
With fraud at a crisis level, AARP report explores feelings about the threat and understanding of criminals’ tacticsWhat to Do If You've Just Been Scammed
How one woman worked quickly — with help — to avoid being charged through PayPal
Recommended for You