QRsafer LogoQRsafer
How Common Are QR Code Scams? More Than You Think
← Back to blog

How Common Are QR Code Scams? More Than You Think

QR code scams have moved from rare news story to everyday risk. Here's how widespread the problem is, where scams show up most often, and what you can do before your next scan.

2026-05-11 · QRsafer Team

A few years ago, a QR code scam was a story you'd read about and forget. Today it's something that can happen in a restaurant, at the gas pump, in your inbox, and on your front porch — often all in the same week. If you're wondering whether this is actually a widespread problem or still a rare edge case, the answer is clear: it's widespread, it's growing, and most victims never get counted.

QR code scams went from rare to routine in under five years

QR codes themselves went mainstream during the pandemic when contactless menus, payments, and check-ins became the norm. Attackers noticed immediately. The FBI issued its first national advisory on malicious QR codes in January 2022, a sign the threat had grown large enough to warrant a public warning.

By 2023 the FTC had received more than 22,000 QR code fraud reports — up from near zero in 2020. Reported losses in those cases exceeded $10 million. But both figures almost certainly undercount the problem: the FTC estimates that fewer than 5% of fraud victims ever report to a government agency. Adjust for that and the real scale of QR code fraud in 2023 likely ran into the hundreds of thousands of incidents in the US alone.

For the full breakdown of the data, see our QR code scam statistics post.

Where scams show up most often

QR code scams are not confined to one surface or one type of victim. They appear wherever QR codes have become familiar enough that people scan without hesitating.

Physical locations:

  • Parking meters — sticker QR codes placed over legitimate payment codes were the subject of the FBI's 2022 advisory and have been confirmed in cities across the country
  • Gas pump payment terminals, EV chargers, laundromat washers and dryers — anywhere an unattended machine has a payment QR code, a sticker can replace it
  • Restaurant and café table tents, hotel room desks, gym equipment — tampered codes redirect to fake ordering or Wi-Fi portals
  • Packages — third-party Amazon sellers include cards with QR codes for fake warranty registration or review sites that harvest account credentials

Digital channels:

  • Phishing emails that embed a QR code image instead of a hyperlink — bypassing the link-scanning security tools most organizations rely on, a technique called quishing
  • Text messages impersonating USPS, toll agencies, banks, and the IRS
  • Social media posts and DMs on Instagram, WhatsApp, Discord, and Telegram

Person scanning a QR code with a smartphone

The numbers that show how fast this has grown

The growth rates are more alarming than the raw totals:

  • Check Point Research documented a 587% increase in quishing attacks in Q3 2023 compared to Q2 2023
  • Hoxhunt measured 51% growth in QR phishing attacks in just five months (July–November 2023)
  • ReliaQuest found that in certain corporate email campaigns, more than 60% of phishing lures used QR codes rather than hyperlinks — specifically to evade email security tools
  • The FBI's 2023 IC3 report logged over 880,000 cybercrime complaints totaling $12.5 billion in losses, with QR-facilitated fraud appearing across investment fraud, business email compromise, and personal data theft categories

These numbers come from the companies and agencies that actively track the problem. Most individual incidents go uncounted.

Why QR code scams are underreported

Three things keep QR code fraud underreported:

  1. Low dollar amounts discourage disputes. A $2 laundromat charge or a $4 parking fee gets absorbed rather than challenged. The scam pays off at scale — hundreds of victims at the same machine before the tampered sticker is found.
  2. Victims don't know where to report. Someone who got a suspicious page after scanning a restaurant code may not realize a crime occurred, or may simply not know that the FTC and FBI IC3 accept consumer reports.
  3. Losses that go through the bank get categorized differently. A fraudulent charge disputed via the credit card company doesn't necessarily appear in scam complaint data.

How to protect yourself before the next scan

The safest habit is to pause before every scan in a public place and look for signs of tampering: stickers layered over existing codes, damage to the surrounding surface, or a redirect to a domain you don't recognize. But that kind of vigilance isn't realistic every time — especially when you're in a rush, in an unfamiliar place, or when the code is in an email image.

Automated URL checking — done before the page loads — is the consistent protection that doesn't depend on you catching something in the moment. If you want to understand exactly what can go wrong when a scan goes through, read what happens if you scan a fake QR code. If you're worried about a recent scan, see what to do immediately.

QRsafer checks the destination of every code against security databases before your browser opens the page — the step that stops the majority of these attacks. Download it for iOS or Android and scan with confidence.

Frequently asked questions

How common are QR code scams in the US?

Very common — and growing. The FTC received more than 22,000 QR code fraud reports in 2023, up from near zero in 2020. Because fewer than 5% of fraud victims ever file a federal complaint, the true number of incidents likely runs into the hundreds of thousands per year.

What are the most common places QR code scams occur?

The FBI and FTC have flagged parking meters, restaurants, package inserts, and unsolicited mail as the most frequently reported physical vectors. In the digital world, phishing emails that embed QR codes instead of hyperlinks — a technique called quishing — have become a significant corporate threat.

Are QR code scams increasing or decreasing?

Increasing. Check Point Research documented a 587% spike in QR phishing attacks in a single quarter in 2023. Physical QR scams at payment kiosks, gas pumps, EV chargers, and laundromats have spread to cities across the country since the FBI's first national advisory in January 2022.

Does QRsafer protect against common QR code scams?

Yes. QRsafer checks the destination URL of every code against security threat databases before your browser opens the page — stopping phishing pages, fake payment portals, and malicious redirects before they can do any damage. Download it for iOS or Android.

FAQ

How common are QR code scams in the US?

Very common — and growing. The FTC received more than 22,000 QR code fraud reports in 2023, up from near zero in 2020. Because fewer than 5% of fraud victims ever file a federal complaint, the true number of incidents likely runs into the hundreds of thousands per year.

What are the most common places QR code scams occur?

The FBI and FTC have flagged parking meters, restaurants, package inserts, and unsolicited mail as the most frequently reported physical vectors. In the digital world, phishing emails that embed QR codes instead of hyperlinks — a technique called quishing — have become a significant corporate threat.

Are QR code scams increasing or decreasing?

Increasing. Check Point Research documented a 587% spike in QR phishing attacks in a single quarter in 2023. Physical QR scams at payment kiosks, gas pumps, EV chargers, and laundromats have spread to cities across the country since the FBI's first national advisory in January 2022.

Does QRsafer protect against common QR code scams?

Yes. QRsafer checks the destination URL of every code against security threat databases before your browser opens the page — stopping phishing pages, fake payment portals, and malicious redirects before they can do any damage. Download it for iOS or Android.