AT&T QR Code Scam: What It Is and What to Do

Why AT&T is one of the most impersonated telecom brands

AT&T is the second-largest US wireless carrier with more than 70 million postpaid subscribers — and also one of the largest providers of broadband, fiber internet, and satellite TV through DIRECTV. That combination makes AT&T one of the top three most-impersonated telecom brands in FTC smishing complaints. A single fraudulent message reaches a huge share of people who are actual AT&T customers.

These scams arrive through three primary channels:

• Smishing texts impersonating AT&T billing alerts: A text arrives with AT&T branding and a message like “Your AT&T account has an unpaid balance. Scan the QR code below to pay now and avoid service disconnection.” The code leads to a fake myAT&T payment page that captures your card number or account credentials. Urgency is the engine — the threat of losing phone or internet service triggers immediate action before victims think to verify.
• Fake “AT&T Rewards” or “DIRECTV upgrade” QR codes: Emails and direct-mail pieces mimicking AT&T promotional offers promise free streaming months, device upgrade credits, or DIRECTV Stream discounts. A QR code instructs recipients to “claim your offer” before a deadline. The linked page collects myAT&T login credentials or payment details under the guise of verifying account eligibility for the reward.
• Fake AT&T FirstNet QR codes targeting first responders: AT&T's FirstNet network is a dedicated broadband service for police, firefighters, paramedics, and emergency management. Scammers send QR codes to first responders claiming to be a FirstNet account security alert, a device upgrade opportunity, or an identity verification requirement. FirstNet users are particularly high-value identity theft targets because many are law enforcement officers whose personal data carries additional risk if exposed.

QR codes are used instead of plain links for a deliberate reason. They bypass many SMS spam filters, push the interaction to a mobile browser where destination URLs are easy to overlook, and carry a visual legitimacy that a bare link does not. This technique is called quishing, and telecom impersonation is one of its most common forms.

What AT&T actually does — and never does — with QR codes

AT&T does use QR codes in narrow, low-risk contexts:

• Retail store displays and point-of-sale signage
• Printed brochures and device packaging linking to the myAT&T app
• In-store promotional materials

AT&T will never send you an unsolicited QR code to:

• Verify your identity or log you into myAT&T
• Avoid service disconnection or pay an overdue bill
• Claim a promotional reward, activate a device upgrade, or apply a streaming credit
• Complete a FirstNet account verification or security update
• Update your payment method or banking details

Every legitimate AT&T account action happens at att.com or inside the myAT&T app — not through an unsolicited QR code in a text, email, or mailer. If a QR code arrives with urgency around your bill or account access, that urgency is the scam.

For a broader look at how QR code scam texts work across all impersonated brands, see our full guide.

What to do right now

Your response depends on what you did after scanning.

If you only scanned and didn't enter anything: Your risk is low. Close the page, do not return to it, and monitor your AT&T account and any linked payment methods for 48 hours.

If you entered your credentials, payment details, or personal information, act immediately:

1. Call AT&T support now. Dial 611 from your AT&T phone, or call 1-800-331-0500. Do not use any phone number or contact information in the suspicious message.
2. Change your myAT&T password immediately. Go directly to att.com — not through the suspicious QR code page — and update your password from a trusted device on a trusted network.
3. Enable two-step verification. AT&T's two-step verification blocks unauthorized logins even if your password was captured. Activate it in myAT&T account security settings.
4. Set or reset your wireless passcode (passphrase). This four-digit code prevents unauthorized account changes, including SIM swaps, over the phone. Confirm it is active in your myAT&T profile.
5. Review your account for unauthorized changes. Check your plan details, authorized users, device upgrades, and any new lines added to your account.
6. Dispute any unauthorized charges with your payment card issuer if you entered card details on the fake site.
7. File a report with the FTC at reportfraud.ftc.gov and forward any smishing text to 7726 (SPAM), which sends it to your carrier's anti-abuse team.

For a complete recovery checklist covering every type of QR phishing scenario, what to do if you scanned a suspicious QR code walks through each step in order.

How to protect yourself before you scan

Fake AT&T pages are convincing. You cannot rely on logos or branding — you need to verify the destination URL before your browser loads anything.

• Scan with QRsafer first. QRsafer checks the destination URL against threat intelligence and shows you a safety verdict before your browser opens anything. A phishing page impersonating myAT&T will not pass that check.
• Verify the domain before entering anything. AT&T's real domain is att.com — nothing else. Attackers register lookalikes like att-bill-alert.com or myattverify.net. Read the full URL in your browser bar, not just the logo on the page.
• Never pay an AT&T bill through a QR code you didn't request. Open the myAT&T app directly instead. It takes ten seconds and removes the risk entirely.
• Call AT&T to verify unexpected messages. If you receive a text or mailer with a QR code claiming to be from AT&T, dial 611 or 1-800-331-0500 and ask if they sent it. If they didn't, the scam ends before it starts.
• FirstNet users: be extra skeptical of any unsolicited QR code. AT&T will never contact you via QR code for FirstNet account verification. If you receive one, report it to your agency's IT or security team in addition to AT&T.

Frequently asked questions