Skip to main content

QR codes seem to be everywhere. You may have scanned one to see the menu at a restaurant or pay for public parking. And you may have used one on your phone to get into a concert or sporting event, or to board a flight. There are countless other ways to use them, which explains their popularity. Unfortunately, scammers hide harmful links in QR codes to steal personal information. Here’s what to know.

There are reports of scammers covering up QR codes on parking meters with a QR code of their own. And some crafty scammers might send you a QR code by text message or email and make up a reason for you to scan it. These are some of the ways they try to con you:

  • they lie and say they couldn't deliver your package and you need to contact them to reschedule
  • they pretend like there’s a problem with your account and you need to confirm your information
  • they lie, saying they noticed suspicious activity on your account, and you need to change your password

These are all lies they tell you to create a sense of urgency. They want you to scan the QR code and open the URL without thinking about it.

A scammer’s QR code could take you to a spoofed site that looks real but isn’t. And if you log in to the spoofed site, the scammers could steal any information you enter. Or the QR code could install malware that steals your information before you realize it.

So how can you protect yourself?

  • If you see a QR code in an unexpected place, inspect the URL before you open it. If it looks like a URL you recognize, make sure it’s not spoofed — look for misspellings or a switched letter.
  • Don’t scan a QR code in an email or text message you weren’t expecting — especially if it urges you to act immediately. If you think the message is legitimate, use a phone number or website you know is real to contact the company.
  • Protect your phone and accounts. Update your phone's OS to protect against hackers and protect your online accounts with strong passwords and multi-factor authentication.
Scammers hide harmful links in QR codes to steal personal information



Search Terms

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

Ruben D. Porter
December 06, 2023

Good to know. Thanks

December 06, 2023

Thank you for the advice.

Pat Jorczak
December 06, 2023

Thanks 🙏. I never would have thought about this

Jeri Monroe (…
December 06, 2023

Wonderful information. Thank you. We are in our 80's and feel we are good "marks" for many lies and spoofs. Your site helps and cautions us.

December 06, 2023

This is so important information because QR is use all the time.
Make it us convenient in our daily lives.
Good article to read and always be informed.
Thanks for continuing educate us.

Martha L Crowley
December 06, 2023

thank you

Jolene Wynters
December 07, 2023

My current situation. I’m so heartbroken. 💔 I appreciate the awareness you’re putting out for us! It’s especially difficult with the aliases and online apps!

Michael B.
December 07, 2023

This is very useful information to protect us.

Carole Free
December 07, 2023

I’m in my late 80s and I appreciate all the tips that you send… There were always crooks, all my life, but these new ones are very tricky and I learn a lot from your site. Thank you.

December 07, 2023

Thank You A Very Good Reminder to stay alert!!

December 07, 2023

Thanks for all your info. Check it everyday. I do not use or click on QR codes. If they have to have a code to use a business I quit the business.

Marilyn Larkin
December 07, 2023

Thank you for this invaluable advice.

What kind of a world are we living in today, from where are these bad people coming, and how do they get away with evil deeds?

Who would have ever thought of this type of malice? Instead of getting better, it's getting worse.

However, in y heart, I know there are still good people out there, somewhere.

Bill Rushmore
December 07, 2023

Would it be possible to pass a law making these scams illegal and allowing private groups to collect a reward for arrest of a scammer from any money recovered? This would increase the number of people investigating and get some of the smart kids to attack the crooks.

December 07, 2023

How can you check the URL? The URL in text messages are the mini versions that look like a meaningless code themselves. I just ignore any links in text messages and use a computer to do anything serious.

December 07, 2023

Very good information how to protect yourself from scammers.

quelinda Benet-Moore
December 07, 2023

One scam I get texted to me several times each day says," SECURITY ALERT
There are 3 apps.. in your phone that need to be removed immediately .your phone is at great risk, click here. ( The phone numbers and false emails change regularly, the message stays the same.


December 07, 2023

This was truly good information to know.Thanks so much for keeping me informed

December 07, 2023

I was scammed on what looked like a Microsoft site. I called the number on the site for help and was scammed.

December 07, 2023

Always glad to learn ways to protect myself in the cyber world!

Kaium Sarkar
December 07, 2023

Many many thanks.

December 07, 2023

Thanks- your information is very useful....

William Webb
December 07, 2023

I was catfished by someone who claimed she was from Germany for 4 months she or it as I call it now fooled me not no more I’ll never forget this hard lesson no more internet girls for this man.

December 07, 2023

A scammer accessed my email somehow & sent a msg to my list. Only 2 on list told me about it. The msg contained some personal info from the past & was requesting money be sent to "me." I have a security program; do not understand how they're still accessing my info.

Just 3 days ago I received another questionable messge after returning a package at local post office. Content of msg was not clear, however, had vague reference to unsent package; however, I did not click on the link. I Googled local USPS telephone number & no answer. The number does not go to local post office. I went to post office & right away person there said, "We do not send texts."

Ingrid Pope
December 08, 2023

Thanks good information.

I had email on I Phone have UPS package, I never order online so I know it was spam.

There are so many tricks to scam people. The Seniors are not computer literate and fall for scams and bank fraud. That would be nice if you inform Seniors what to look for and constant reminder.

Thanks again.

Bill Phipps
December 08, 2023


Kathy Hawkes
December 08, 2023

Very helpful A. I know some of this, but having the information confirmed helps so much!!

December 08, 2023

It would have been helpful to put a picture of what a QR code is. Lots of people have no idea what you are talking about.

Ed Webb
December 11, 2023

I'm passing this information on to my friends. Thank you

Steve H
December 19, 2023

Fraudulent QR codes can also lead consumers to trustworthy-looking downloads that could be actually be malicious, to block your device unless you pay the ransom. Or, to steal processing power from your device to run ads in the background, leaving you wondering why your battery runs down so quickly, while the attacker profits from it.

E valko
December 12, 2023

How to send credit card numbers safely when donating to an established charity??

December 12, 2023

Scan a QR code? heh, that'll be the day I ever do that.

December 12, 2023

I delete all emails &text messages I suspect to be questioned. Thanks for spreading this information for all to see

December 14, 2023

Thanks for the wonderful advice. Have phishing scams by text messages quite often lately. Feel like I’m a good candidate for scams being in my late 60’s.

Marcia Rose
January 03, 2024

Very helpful information.

Kenneth Depute…
January 08, 2024

QR Scam Incident, 12:14 pm MST. Saturday, January 06, 2024.

Contacted by person named Micheal, (281) 475-1722. Michael kept calling me by phone number to tell me to click on QR barcode.

Text Message:

"Ok my is Michael from JP Consulting, Inc. Your tasks are Printing and Dispatching letter. Experience is not necessary within this position as we are willing to train the right candidate who is Honest, Trustworthy, Reliable, and able to work hard."

"Sure there's a website to submit your application. I'll send you a link once a verification is completed."

"Kindly send the picture of the barcode you just received from your mobile carrier."

"The code expires within a period of 5 minutes. You have a 5 minutes window to complete this verification."

January 12, 2024

Thank you all so very much! I appreciate the dedication & perseverance you all do to provide cyber safety via awareness/protection.

Mardel Munoz
January 22, 2024

Thanks for the information.

Catherine Perr…
January 22, 2024

There are so many different scams how is an elderly person like myself with memory problems suppose to remember all these tips besides not doing a darn thing. I have gotten to the point that I don’t know what to do anymore I can’t even say if this site is legit! It boggles the mind that people are trying to scam you and take money of us on limited incomes!