Utility Bill QR Code Scam: What's Safe and What's a Scam
You got a bill — or a notice — with a QR code asking you to pay. Most QR codes on real utility bills are legitimate. But fake disconnection threats and door-to-door payment solicitations use the exact same format. Here is how to tell them apart, and what to do if you already paid.
QR codes on real utility bills: usually safe, with one exception
Most major utility providers — electric, gas, water, and internet — now print a QR code on their paper bills that links directly to their official online payment portal. If your bill came from your actual utility company and the QR code resolves to that company's official domain, scanning it is generally safe.
The exception is a tampered sticker. In this attack, someone intercepts your mail, places a fraudulent QR code sticker directly over the printed one, and reseals the envelope. The rest of the bill looks completely real — because it is. Only the QR code has been swapped. Before scanning a QR code on any paper bill, run your fingernail across the surface. A printed QR code is flat; a sticker sits slightly above the paper and may have an edge you can feel or see.
Use QRsafer to preview the destination URL before your browser opens it. If the URL matches your utility's official website, you can proceed. If it shows an unfamiliar domain — especially one with a string of random characters or a domain ending other than .com — do not proceed and report the bill to your utility company's fraud line.
The three utility bill QR code scam variants
1. Fake disconnection-threat notices. This is the highest-risk variant and the most common. You receive a notice — by mail, email, or text — claiming your electric, gas, or water service will be cut off within 24 hours unless you pay an overdue balance by scanning a QR code. The notice may look convincingly like your real utility's letterhead, complete with a logo and a fabricated account number.
Here is the critical fact scammers are counting on you not to know: real utility companies are required by state regulators to give customers at least 10 days' advance written notice before disconnecting service. They must also provide a dispute and payment-arrangement process. Any notice threatening same-day or next-day shutoff and demanding QR-code payment is fraudulent — full stop. Call your utility company using the number on a previous paper bill (not any number on the suspicious notice) to verify your actual account status before paying anything.
2. Door-to-door and phone payment solicitations. This variant specifically targets elderly and low-income households. A person visits your home — or calls — claiming to represent your utility company and offering a "discounted" or "deferred" payment option for your outstanding balance. They produce a QR code on a phone, tablet, or printed card and ask you to scan it and enter your card details or bank account number.
Real utility companies do not send collectors door-to-door to collect QR-code payments. If someone arrives at your home claiming this, ask for a government-issued ID and employee number, close the door, and call your utility's customer service line to verify. Do not scan any QR code they present. See also: door hanger QR code scam.
3. Tampered physical bill with a sticker QR code. As described above, this is the most technically sophisticated variant: your real bill arrives in the mail but a fraudulent QR code sticker has been placed over the printed one. The destination URL looks nothing like your utility's official domain. Previewing the URL with QRsafer before scanning is the simplest way to catch this before any harm is done.
Warning signs of a fraudulent utility payment QR code
- Urgency: less than 10 days to pay or service is cut. State regulators require advance notice. A "24-hour shutoff" threat is always a scam.
- Requests payment in gift cards or cryptocurrency. No utility in the United States accepts gift cards or crypto as a legitimate payment method.
- The QR code URL does not match your utility's official domain. Preview the link with QRsafer before tapping. The domain should clearly match your provider's published website (e.g., pge.com, coned.com, xcelenergy.com).
- The notice arrived via text from an unknown number. Your utility company has your phone number on file and will contact you through channels you established when you opened your account. Unsolicited texts about account shutoff are almost always impersonation scams.
- No mention of a dispute process or payment plan. Legitimate shutoff notices include information about how to dispute the balance or arrange a payment plan. A notice with only a QR code and a deadline has omitted this intentionally.
- The QR code sticker is raised above the paper surface. Run your fingernail across the printed area of your bill. A sticker overlay will have a detectable edge.
What to do if you paid via a fraudulent utility bill QR code
First, verify your actual account status. Call your utility company using the number on a previous paper statement — not any number on the suspicious notice. Confirm whether your account is actually overdue. In many cases, your account is current and no payment was needed.
- Call your bank or card issuer immediately to report the charge as fraudulent and request a chargeback. Credit card disputes are the strongest — you have up to 60 days. Debit card disputes require action within a few business days for full protection. Zelle, Cash App, and cryptocurrency payments are difficult to reverse; report them to the platform and to the FTC regardless.
- Report to your utility company's fraud line. Most large utilities have a dedicated fraud reporting number on their official website. Your report helps them warn other customers in your area.
- File a complaint with the FTC at reportfraud.ftc.gov. You can also report to your state's public utilities commission — they track impersonation patterns and can issue consumer alerts.
- If you submitted your Social Security number or bank account details, place a free fraud alert with Equifax, Experian, and TransUnion. Consider a free credit freeze at each bureau to prevent new accounts from being opened in your name. File an identity theft report at IdentityTheft.gov.
- If a physical notice was left at your door or delivered by a person, report it to local police and your city's consumer-protection office. Save the notice or photograph it — it is evidence.
Frequently asked questions
Is the QR code on my utility bill safe to scan?
Usually yes — QR codes printed on bills from real utility providers link to their official payment portals. The main risk is a tampered sticker placed over the printed code. Use QRsafer to preview the destination URL before tapping; if it matches your utility's official domain, it is safe. If the URL looks unfamiliar or generic, do not proceed and contact your utility's fraud line.
What does a fake utility disconnection QR code scam look like?
It typically arrives as a mailed notice, email, or text claiming your service will be shut off within 24 hours unless you pay via QR code. It may look exactly like your real utility's letterhead. The key tell: real utilities are legally required to give at least 10 days' notice before disconnection and must offer a dispute process. Any same-day shutoff threat demanding QR-code payment is a scam.
What should I do if I paid via a utility bill QR code scam?
Call your utility company using the number on a previous bill to verify your account status, then call your bank immediately to dispute the charge. File reports with the FTC at reportfraud.ftc.gov and your state's public utilities commission. If you provided personal identifying information, place a fraud alert with the three major credit bureaus and consider a credit freeze.
Preview the URL before you pay
QRsafer shows you the destination URL and a safety verdict before your browser loads the page — so you can verify a utility bill QR code is pointing to the real payment portal before entering your card details. Free on iOS and Android.