Member FDICFDIC-Insured - Backed by the full faith and credit of the U.S. Government

Keep Yourself Safe From Malicious QR Code Scams

You have no doubt noticed that QR codes—those square blocks of black and white pixels—are ubiquitous, adorning everything from restaurant menus to store products to mall posters. They are a low-cost, easy way for businesses to link consumers to websites, store discounts, promotional campaigns and mobile payments. The problem is, they’re not entirely secure. 

QR codes have really come into their own as the preference for contactless transactions has increased during the pandemic. More than one-third of smartphone users have scanned a QR code on a product or at a restaurant or bar over the last year. The problem is most mobile users aren’t aware of the potential risks of QR codes. 

While they can’t easily mess with the pixelated dots in the box, hackers are able to embed malicious software in the QR code. While the code looks the same, a hacked QR code can send users to an infected website where it can trigger a malicious download or capture sensitive information. It can also install malicious software on a smartphone. Once on the smartphone, the malware can wreak havoc. It can:

Most smartphones have QR code reading capabilities, and sometimes it’s tempting to use them. But, just because you may be able to scan a QR code doesn’t mean you should—at least without considering the possible consequences. Refraining from scanning them is your best defense against scammers, but there are other precautions you can take

Some financial institutions include their logo inside the QR code similar to the way Alpine Bank does with its code (see below).

About This Author


Ross Bentzler

Ross Bentzler is Executive VP and Information Security Officer for Alpine Bank. Ross has worked in the information technology field for two decades, focusing on information security for 13 years.

More about Ross Bentzler

Allpoint It’s your money after all. Find a surcharge-free ATM