X

Don't Get Hacked by a QR Code Jacker

QR codes have become a convenient part of everyday life. From paying for parking and ordering meals to accessing menus or charging electric vehicles, QR codes make transactions fast and contactless. Unfortunately, criminals are taking advantage of this convenience through a growing scam known as QR code jacking.

What Is QR Code Jacking?

QR (Quick Response) code jacking occurs when fraudsters place fake QR codes over legitimate ones in public places. These fake codes may be found on parking meters, restaurant tables, leaflets, public signage, or electric vehicle charging stations.

When someone scans the fraudulent QR code, they are redirected to a fake website designed to look like a legitimate payment or service page. The site prompts users to enter personal or financial information, such as debit card numbers, bank details, or login credentials. Once entered, this information can be used by scammers to steal money or commit identity fraud.

Because QR codes don’t display a web address until they are scanned, it can be difficult to tell whether a code is legitimate at first glance.

Red Flags to Watch For

Being aware of warning signs can help you avoid becoming a victim of QR code jacking. Keep a close eye out for these red flags: 

  • QR codes placed in public areas that appear to be stickers layered on top of another code.

  • Unexpected payment requests, especially for services that typically use apps, kiosks, or card readers.

  • Websites with unusual or misspelled URLs after scanning a QR code.

  • Pages that ask for excessive personal information, such as full banking credentials or PINs.

  • Urgent language like “pay immediately” or “service will be suspended.”

  • Poor website quality, including broken links, spelling errors, or generic branding.

If something feels off, trust your instincts and pause before entering any information.

How to Protect Yourself

You can reduce your risk by taking a few simple precautions:

  • Avoid paying through QR codes placed in public spaces whenever possible.

  • Use official apps or websites you access manually instead of scanning a code.

  • Always check the website URL before entering payment or personal details.

  • Look for “https://” and a padlock symbol in the address bar.

  • When in a restaurant, parking area, or business, confirm with staff that the QR code is legitimate.

  • Keep your phone’s operating system and security software up to date.

What to Do If You Think You’re a Victim

If you believe you’ve scanned a fraudulent QR code or entered your information on a fake site, act quickly:

  1. Contact your financial institution immediately to report the incident and secure your account.

  2. Monitor your accounts closely for unauthorized transactions.

  3. Change passwords and PINs associated with the affected accounts.

  4. Report the scam to local authorities or consumer protection agencies.

  5. Run a security scan on your device to check for malware or suspicious activity.

Prompt action can help minimize financial losses and protect your personal information.

QR codes are a useful tool, but they should be used with caution, especially in public settings. By staying alert, checking website details, and knowing what steps to take if something goes wrong, you can protect yourself and your finances from QR code jacking scams.

If you ever have concerns about a transaction or suspicious activity, your credit union is here to help. Don’t hesitate to reach out to your Forest Area Federal Credit Union branch with questions or for guidance.

Fraud Awareness and Prevention Center