FBI Cautions When Using QR Codes

Share This TechTip

A few weeks ago, I wrote a TechTips article on the growing popularity of using QR codes in your marketing. It seems like QR codes are everywhere. Restaurants use them to allow you to download menus. You see them in print articles and publications, sending you to a particular website or webpage.

They are becoming quite helpful. And cybercriminals are paying attention.

A couple of recent articles have highlighted the potential danger of scanning a QR code without thinking about security and the potential for scammers to use those codes to steal information.

I recommend you read both these articles, as well as the FBI announcement.

In January, the FBI released a public service announcement highlighting how cybercriminals are tampering with QR codes and providing some suggestions for how you can protect yourself.

To recap, here is the list of steps the FBI recommends you take to protect yourself from QR code scams:

  • Once you scan a QR code, check the URL to ensure it is the intended site and looks authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
  • When entering login, personal, or financial information on a site navigated from a QR code, practice caution.
  • If scanning a physical QR code, ensure the code has not been tampered with, such as with a sticker placed on top of the original code.
  • Do not download an app from a QR code. Use your phone’s app store for a safer download.
  • If you receive an email stating a payment failed from a company you recently made a purchase with and the company says you can only complete the payment through a QR code, call the company to verify. Locate the company’s phone number through a trusted site rather than a number provided in the email.
  • Do not download a QR code scanner app. This increases your risk of downloading malware onto your device. Most phones have a built-in scanner through the camera app.
  • If you receive a QR code that you believe to be from someone you know, reach out to them through a known number or address to verify that the code is from them.
  • Avoid making payments through a site navigated from a QR code. Instead, manually enter a known and trusted URL to complete the payment.

If you believe you’ve been a victim of a QR code scam, report the fraud to your local FBI field office at The FBI also encourages victims to report fraudulent or suspicious activities to the FBI Internet Crime Complaint Center at

QR codes are a great tool that can help take some friction out of prospects and help customers quickly get the information they want. And, like many other things, a bit of caution is advised.

More TechTips To Explore

Data protection locks

5 Ways to Help Protect Your Client Data

Use strong passwords/passphrases.  Having a strong password is an essential step in providing tighter security. It’s shocking that many of the top passwords being used today are “password”, “123456”, “letmein”…

Read More »

Get Access to Catalyit

Subscribe To Our Newsletter

Get updates and learn from the best

Sincere Thanks to our Founding, Platinum, & Premium Solution Providers. These companies really 'get it.'

‹ Back to Blog

Forgot Password?


Solution Provider Profiles are only visible to Full Access subscribers!

Upgrade now to unlock all Catalyit content and learn more about this Solution Provider.