QR codes — those little square patterns you scan with your phone camera — are everywhere now, and scammers love them. A code can send you to a fake website just like a bad link can, but you can't see where it leads before you scan. Here's how to stay safe.
“A sticker on a parking meter reads: "Pay here — scan to pay for parking." The code leads to a look-alike site that quietly steals your card number.”
Scammers stick their own QR codes over real ones, or send them in emails, texts, and flyers.
How to tell
A QR code in an unexpected place: a sticker on a meter or sign, an email, a flyer, or a text.
After scanning, it asks you to pay, log in, or enter personal information.
The web address that appears isn't the plain, official one you'd expect.
There's urgency, like a fine, a package, or a prize.
What to do
1Don't enter payment or personal details on a site you reached by scanning a code.
2Pay in person, or type the company's real web address yourself instead.
3Not sure where a code or link leads? Paste the web address into CheckTwice.
If you already clicked or paid
First: don’t blame yourself, and don’t hide it. Acting quickly matters more than anything else.
If you entered card details, call your bank using the number on your card and say you may have used a fake site.
Change the password for any account you logged into, and report it at reportfraud.ftc.gov.
These are easy to fall for because a code hides its destination. Checking first is the whole defense.
Worth remembering: A QR code is just a hidden link. Treat one from a sticker, email, or text exactly as you'd treat a link from a stranger: never trust it with your money or details.