Allstate QR Code Scam: What It Is and What to Do

How Allstate QR code scams work

Allstate's widespread brand recognition and large agent network make it a frequent impersonation target. With 16 million customers and a reputation for direct-mail communications, scammers can send lookalike billing notices or pitch QR codes in person with a high chance of being trusted.

Fake Allstate payment-due mailers and emails. You receive what appears to be an Allstate billing notice — the correct logo, the Good Hands® imagery, and a policy number that resembles yours. A QR code directs you to “pay your premium now” or “avoid a policy lapse.” Because Allstate customers commonly pay premiums quarterly or semi-annually, an unexpected notice can feel plausible. The destination is a phishing payment portal that captures your card number, billing address, and sometimes your SSN. The real Allstate does not route premium payments through QR codes in unsolicited mailers or emails.

Fake Drivewise™ enrollment QR codes. Allstate's Drivewise telematics program does legitimately use an app and QR codes — which scammers exploit. Fake enrollment notices arrive by email, text, or physical flyer claiming you can “earn a safe-driver discount by scanning to install Drivewise.” The linked page installs a malicious app that requests location data, contacts, and device permissions, or it redirects to a credential-harvesting page designed to look like the Allstate app login. Real Drivewise enrollment is initiated inside the official Allstate app — never from a QR code in an unsolicited message.

Independent-agent impersonators. A person arrives at your door, calls your business, or approaches you at a community event presenting a business card or tablet with the Allstate logo and a QR code. They offer a “free quote” or a “policy review,” then ask you to scan the code to “add your vehicle” or “confirm your eligibility.” The page behind the code collects your SSN, date of birth, VIN, and banking or credit card details.

QR codes help scammers because the destination URL is hidden until after the scan, the branded page fills a phone screen immediately, and the address bar is easy to overlook. This is part of a broader category of quishing attacks — QR-code-based phishing that bypasses traditional email security filters.

What Allstate will never ask you to do via QR code

Allstate manages all billing and policy activity through allstate.com, the Allstate mobile app, and your named agent. No legitimate Allstate communication will ever ask you to do any of the following through a QR code in an unsolicited message:

• Pay a premium, renewal fee, or outstanding balance by scanning a QR code from a mailer or unsolicited email
• Install Drivewise or any other Allstate app by scanning a QR code sent outside the official Allstate app
• Enter your SSN, driver's license number, or date of birth through a QR code link
• Submit your VIN or vehicle details via a QR code in a text message
• Log in to your Allstate account through a QR code from an unknown or unsolicited source

If you receive any of these requests, treat it as a scam regardless of how genuine the branding appears. Always verify by calling Allstate directly at 1-800-255-7828 or by logging in at allstate.com.

The tactics used in Allstate impersonation scams closely mirror broader insurance agent QR code scams — especially the door-to-door and unsolicited-mailer variants.

What to do right now

Your response depends on what you provided after scanning.

If you only scanned and didn't enter anything: Your risk is low. Close the page and don't return to it. Monitor your financial accounts for 48 hours as a precaution.

If you entered personal information (name, SSN, driver's license, VIN):

1. Place a fraud alert with all three credit bureaus. Contact Equifax, Experian, or TransUnion — a single call alerts all three. This makes it harder for the scammer to open accounts in your name.
2. Consider a credit freeze. More protective than a fraud alert, a freeze prevents any new credit from being opened in your name. It is free and reversible at all three bureaus.
3. File a report with the FTC at reportfraud.ftc.gov. This creates an official record and generates a personalized recovery plan.
4. Report to your state's insurance fraud bureau. Most states maintain a dedicated insurance fraud division — search “[your state] insurance fraud bureau” to find the correct agency.
5. Contact Allstate directly at 1-800-255-7828 to confirm whether the communication was legitimate and to flag your account for unusual activity.

If you installed an app from the QR code:

1. Delete the app immediately from your device.
2. Review recently granted permissions — on iOS go to Settings → Privacy & Security; on Android go to Settings → Apps → [App Name] → Permissions — and revoke any access to location, contacts, or storage.
3. Run a security scan on your device using a trusted mobile security app.
4. Change passwords for any account you accessed on the device after installing the app.

If you made a payment:

1. Contact your bank or card issuer immediately. Credit card chargebacks are possible if reported promptly. Debit card disputes have a narrower window — act within 48 hours when possible.
2. If you paid by Zelle, Venmo, or Cash App, those transfers are generally irreversible — but report the fraud within each app and to your bank, which may be able to assist in limited circumstances.
3. File a police report. Insurance fraud and phishing scams are crimes. A police report number supports any bank dispute or state insurance fraud investigation.

For a complete step-by-step recovery guide, what to do if you scanned a suspicious QR code walks through every scenario in order.

Frequently asked questions