QuickBooks QR Code Scam: What It Is and What to Do
A QuickBooks or Intuit-branded QR code can look routine when it arrives on an invoice, payment request, or account alert. Treat it as unverified until the invoice, sender, and destination match a vendor or account you can confirm directly.
How the scam works
Scammers use QuickBooks branding because small businesses are used to receiving invoices and payment links from vendors. A QR code may appear in an email, PDF attachment, printed invoice, or text message that says payment is overdue, a vendor account has changed, or an Intuit security review is required.
The code may open a fake payment page, a lookalike Intuit login, or a vendor payment form controlled by the attacker. In payroll and tax-season versions, the page asks for employer account details, banking information, or tax identity data under the pressure of a deadline.
This overlaps with the broader fake invoice QR code scam: the invoice looks familiar enough that a busy bookkeeper may scan first and verify later.
Red flags to check before paying
- The invoice was unexpected or came from a new sender address.
- The QR code opens a shortened, misspelled, or unfamiliar domain.
- The message says your QuickBooks or Intuit account will be locked unless you scan immediately.
- The payment page asks for bank login credentials instead of a normal card or ACH payment flow.
- The vendor says their payment details changed but did not confirm through your usual contact path.
The safer path is to open QuickBooks or intuit.com directly, find the invoice in your account, and confirm any payment-detail change by phone using a number from your vendor records.
What to do if you already scanned
- If you only opened the page: close it and verify the invoice through QuickBooks, Intuit, or the vendor directly.
- If you entered QuickBooks or Intuit credentials: change the password from a trusted device, sign out active sessions, and review connected apps and account users.
- If you entered card or bank details: call your card issuer or bank, explain that the payment page may have been fraudulent, and ask whether the account should be locked or reissued.
- If this involved a business account: notify finance and IT so they can preserve the message, review mailbox rules, and warn anyone else who may have received it.
For tax-themed QR lures, also review the guidance on IRS QR code scams.
Frequently asked questions
Does QuickBooks use QR codes on invoices?
Some businesses may use QR codes to make invoice payment easier, but you should verify the invoice inside QuickBooks, through intuit.com, or through the vendor contact you already know before paying. A QR code by itself does not prove the invoice is legitimate.
What should I do if I paid a fake QuickBooks QR invoice?
Contact your card issuer or bank immediately, preserve the invoice, QR code, payment confirmation, sender address, and destination URL, then notify the real vendor through a known phone number or email address. If it involved business funds, alert your finance or IT team.
Can a QuickBooks QR code steal my login?
The scan itself does not steal your login. The risk starts if the QR code opens a fake Intuit or QuickBooks sign-in page and you enter your username, password, one-time code, or account recovery details.
How can I verify a QuickBooks QR code?
Open QuickBooks or intuit.com directly instead of using the QR code. If the invoice is real, it should appear in your account or match a vendor you can verify through a separate channel. Be cautious with URL shorteners and lookalike domains.
Check invoice QR codes before opening them
QRsafer previews the destination and checks for risky signals before a payment or login page opens.
