Image shows a person using their smartphone to scan a QR code.

QR Codes Are Everywhere, But Are They Safe?

You’re probably familiar with Quick Response (QR) codes, the black-and-white square codes you scan with your phone camera to access restaurant menus, view real estate listings, download apps and more. Now experts are seeing an increase in scams using QR codes. Find out how you are likely to encounter these scams and what you can do to avoid them.

Share

Although they've been around for years, QR codes became more popular as a no-contact way to do business during the pandemic. Fraudsters have taken notice: The FBI recently warned about an increase in scams using the codes.

QR Code Scams: How They Work

In this type of scam, a legitimate QR code is replaced with an altered QR code. When users scan the code, they're taken to a fraudulent website designed to resemble the intended site. In some instances, scammers will place a sticker with a fake code over the real QR code. Unaware that the codes have been swapped, users might enter personal information that is captured by the scammers. Or the website could contain a link that installs malware on the user's device.

Entering sensitive information like your social security or credit card number into a fraudulent site can enable a scammer to steal funds or commit identity theft. In one instance, scammers in San Antonio replaced the QR codes on parking meters. Unsuspecting individuals scanned the codes and, when the page opened, entered their payment information into a fraudulent site.

Protect Yourself From QR Code Scams

Follow this guidance from the FBI on using QR codes safely:

  • Only scan a QR code from a trusted source.

  • When you do scan a QR code, check the address of the site that opens and make sure it's the one you expected.

  • Never enter personal information on a website without verifying it's official and secure. If you're not sure whether the site is legitimate, open a new browser window and manually enter the website URL you're trying to access.

  • Be careful about scanning QR codes received via email. Always confirm that the sender is trustworthy before clicking on links or scanning a QR code contained in the email. Learn more about social engineering scams.

  • Always verify a company's legitimacy before handing over any information or transacting any payments through a QR code. Learn more about types of online scams.

NOTE: BECU may include QR codes in member communications and advertisements, but we will never use them to request sensitive or personal information such as your username, password, or account number, or send you to a page that asks for that information.

Using QR Codes for Business

If your business uses QR codes, you can help protect your customers and your business by following this guidance:

  • Monitor your QR codes to make sure they're working correctly and sending your customers to the right places. Check the codes frequently to ensure they haven't been tampered with or covered with a sticker showing a fraudulent code.

  • List the QR code's intended website on your signage and include language that clarifies what customers can expect from scanning the code. For example, "This code will take you to our menu at menu.greatrestaurant.com. If the code takes you elsewhere, please let us know, and don't enter your personal information."

Learn How to Avoid Fraud and Scams

Through our partnership with KnowBe4, BECU members have free access to a free online cybersecurity training course. From creating a stronger password to additional security tips in banking online, this engaging course can help you become a savvier digital consumer.

How to Contact BECU's Fraud Department

If you ever suspect any fraudulent activity affecting your BECU account, call 800-233-2328 and follow the prompts to speak with someone in our fraud department. For more information about security at BECU, visit our Fraud & Security Center.

To report phishing attempts, please email our security team at phishing@becu.org. This no-reply email mailbox is only used for ongoing monitoring and identifying trends. Please do not send confidential information via email. If you've responded to a communication that you think may have been a scam, it's important that you call us, send us a secure message, or visit a BECU location.