Skip To Main Content
    Contact Us

    QR code scams: A guide to protect yourself

    November 24, 2025

    Key takeaways:

    • QR code scammers target victims in a variety of ways, including by putting a QR code that leads to a phishing website over a legitimate QR code, such as one for a parking meter or restaurant menu.
    • There are several things you can do to help protect yourself. Always check for tampering and never be swayed by urgent requests from an unknown sender.
    • If you believe you’ve become the victim of a scam, report it to your bank, call the police, and change your passwords.

    Quick Response (QR) codes are a popular way to share information. They can be used in a variety of ways, such as to access a restaurant’s menu, encourage people to visit a website, or even make a bill payment.

     

    With QR codes part of everyday life for many people, scammers are taking new approaches to steal from victims.

    How scammers are using QR codes to steal money

    Scammers will set up phishing websites that will ask for credentials such as banking information, credit card numbers or passwords. To get victims to the phishing website, they will create a QR code that links to it. This is sometimes called “quishing.”

    Scammers are using a variety of tactics to get victims to scan their QR codes. According to the Federal Trade Commission (FTC), one of the most popular ways is by sending victims an unsolicited package.

    “Receiving an unsuspected package should be a red flag and if a QR code is present, encouraging you to ‘scan to see who sent this’ you should take extra precaution,” says Sandy Ozier, a senior vice president at Commerce Bank who works in fraud prevention. “This is a common tactic scammers use to steal your personal information. Their goal is to entice you to scan the QR Code which will then be followed by prompts for you to enter your personal information. Just remember, anytime you receive a delivery you did not initiate, slow down and proceed with caution.”

    Other times scammers will try to trick victims by creating fake ads or other correspondence to make it look like the fake QR code is from a well-known company.

    “Take a moment to review the authenticity of the return address including the company name and associated logo. Always verify the source and contact the company directly using verified information you have personally gathered; not a QR Code, email or phone number on the package in question,” said Ozier. “Take a few moments to research the company to obtain a legitimate phone number and contact them directly for additional information.”

    You may think it’s easy to avoid a QR scam by not scanning unsolicited or suspicious codes, but scammers can be very deceptive. They may take signs that show QR codes from legitimate organizations and cover them with a sticker with a different QR code – one that sends victims to the phishing website instead.

    “To protect yourself, always look for signs of tampering like a sticker over a printed QR code. Be overly cautious of QR codes from unknown sources or unsolicited messages. If something feels off, trust your instincts. Look for blurry logos, or strange formatting. Take your time and don’t scan the code if you have any reservations,” said Ozier.

    Some of the places the Social Security Administration (SSA) says fraudulent QR codes are being placed over real ones include: 

    • Parking meters
    • Restaurant menus
    • Magazines

    How to protect yourself from fraudulent QR codes

    The potential for fraud may make you decide to never scan a QR code, but scannable codes can be very useful. Instead of avoiding altogether, keep these tips from the SSA in mind to help protect yourself from scanning a fraudulent QR code:

    • Check for tampering. If the QR code is on a physical sign, check to see if it’s been placed on the sign using a sticker. Legitimate QR codes usually are not stickers placed on signs.
    • Do not scan QR codes from unsolicited packages. You should never need to scan a code to find out who sent you a package.
    • Be wary of codes you encounter online. Do not scan codes from businesses you have not verified are legitimate. It’s always better to type a URL directly into your browser.
    • Don’t be swayed by urgent requests or claims of fraud. Scammers often use urgent language to make you feel like you need to act fast, sometimes for a limited-time offer, other times claiming your account has been compromised. Always take time to pause and think about whether the request makes sense.

    What to do if you become a victim

    The first thing you should always do if you believe you are the victim of a scam is to stay calm. The second thing to do is to call your bank.

    Ozier said, “If you believe you may have fallen victim to a scam, please know you’re not alone and you’re not to blame. Scammers are highly skilled and intentional in their tactics. Their goal is to create confusion, fear and urgency, to manipulate even the most cautious individuals.”

    “At Commerce Bank, we are here to support you. If you suspect fraudulent activity, contact us immediately to explain the situation. We will work with you to secure your accounts, protect your assets, and guide you through the next steps.”

    It’s very important to change the passwords of any accounts that may have been compromised and turn on two-factor authentication where you can.

    The FTC says it’s also a good idea to sign up to get a free credit report so you can monitor your credit. If you believe someone has stolen your identity, file a report with the FTC at IdentityTheft.gov.

    If your loved one was the victim of a scam, Commerce Bank has resources to help you navigate difficult conversations as well as preventative measures for the future.

    Scammers are constantly honing their tactics in order to trick victims. Do your best to stay updated on current trends, to help prevent yourself from becoming a victim and never let anyone pressure you into taking action before you have time to think. Taking the time to verify the authenticity of a QR code can save you lots of time and money in the future.

    Tags

    Fraud & Protection

    Disclosures:

    To view or print a PDF file, Adobe® Reader® 9.5 or above is recommended. Download the latest version.

    Explore more articles:

    Back to top

    About Us

    Careers

    • Join Our Team
    • Get Connected
    • Team Member Stories
    • Follow Us on Instagram
      You are now leaving the Commerce Bank website.

      By clicking the "I Agree" button below, you acknowledge and agree to the following:

      You will leave the Commerce Bank website and enter a third party social media/collaboration website. The information shared on Instagram.com is not the responsibility of Commerce Bank and we are not responsible for the content shared between users and participants on the site. Please note that Instagram.com may have its own privacy and security policies which differ from those of Commerce Bank.

      Never share your personal information on Instagram.

    • Upcoming Events

    Security Center

    Other Links

    Challenge Accepted.(R) Member FDIC. Commerce Bank logo

    Privacy Statement | Online Privacy Policy & Terms of Service | En Español

    Equal Housing Lender, Member FDIC

    Copyright © 2025 Commerce Bancshares, Inc. All rights reserved. Commerce Bank, Member FDIC.