The Better Business Bureau is warning Mainers of QR code scams.  Throughout the pandemic, QR codes became the norm; in restaurants, gas stations, even medical offices.  But today, some scammers are taking advantage of folks by placing fraudulent QR codes around cities and towns.

Consumer reports to Better Business Bureau and warnings issued by police departments in cities across the nation detail how some QR codes direct users to phishing websites, fraudulent payment portals, and downloads that infect devices with viruses or malware. While the way victims are exposed to QR code fraud varies, a common theme identified in reports is that most come from unsolicited communications or a QR code posted in a publicly accessible location. 

Common types of QR code scams include:

Parking meter payments: Scammers are replacing parking QR codes with false codes on parking meters.  The scammer can place the code over an existing code or in a place that looks legitimate.  Oftentimes, victims lose the money they send to the scammer as well as being charged with fines or tickets by the city, doubling losses.

Cryptocurrency and Romance Scams: The rise of cryptocurrencies has altered traditional thinking about investments, and the confusion surrounding these transactions makes it a ripe ground for scammers to take their toll. Recently, BBB has become aware of scammers who spend months of their time building a romantic relationship with their victim, which ultimately results in them asking for financial assistance through a cryptocurrency exchange or ‘advising’ the victim on cryptocurrency investment. Believing that the scammer is in dire need or has their best interest in mind, the victim follows the provided QR code and transfers the requested amount to the scammer’s digital wallet

Phishing Scams: The design of QR codes makes it impossible for the user to know where the code will direct them after scanning, allowing scammers to send victims to phishing websites or downloads that will infect devices with malware. After scanning a code found in an email, text or on a flyer, some victims are directed to a website that requests personal information that can lead to identity theft, compromised passwords for online accounts or downloads that track the user’s activity on the device.

Utility and Government Imposters: Many consumers report they are contacted by their utility company, the Social Security Administration or the IRS regarding an outstanding debt they must immediately pay in full. The representative claims that failure to pay the unpaid bill will result in either arrest, additional fines or shutting off access to electricity, gas or water. According to the impostor, the regular payment portal for these services is currently offline, but the victim can submit payment through another portal which, conveniently, they can access by following a link or scanning a QR code.

How to avoid these scams?  Pay close attention to codes you scan in public.  False codes will look slightly off or may be discolored/misplaced.  Make sure you trust the person you are scanning a code from, if sent digitally.