Let’s start with the basics. “QR” stands for “quick response.” The QR code is a square image that you can scan with your phone—usually by just pointing your camera at it. The image itself is filled with data that can do lots of helpful things, such as send you to a particular website or payment portal.

QR codes have become much more common. They allow restaurants to use virtual menus and vendors to accept cashless payments easily. You may find codes physically pasted about or virtually embedded into ads, emails, or online. They are easy to create and, unfortunately, easy to hack.

If you happen to scan a scammer’s bad code, you could end up giving them access to your device. They can access your contacts, download malware, or send you to a fake payment portal. Once there, you can inadvertently give them access to your banking and credit card accounts. If you make a payment through a bad QR code, it’s difficult if not impossible to get those funds back.

How to protect yourself:

• Do not scan a randomly found QR code.
• Be suspicious if, after scanning a QR code, the site asks for a password or login info.
• Do not scan QR codes received in emails or text messages unless you know they are legitimate. Call the sender to confirm.
• Some scammers are physically pasting bogus codes over legitimate ones. If it looks as though a code has been tampered with, don’t use it. Same thing with legitimate ads you pick up or get in the mail.

If you are the victim of any other online fraud, you should report the incident to the FBI’s Internet Crime Complaint Center at www.ic3.gov.  

Information provided by FBI.gov.