EL PASO, Texas (KTSM) — The FBI is warning the public about QR code scams, which the nation’s top crime fighters are saying are a growing problem.

“QR” stands for “quick response.” The QR code is a square image that you can scan with your phone — usually by just pointing your camera at it. The image itself is filled with data that can do lots of helpful things, such as send you to a particular website or payment portal.

QR codes have become much more common, according to the FBI. They allow restaurants to use virtual menus and vendors to accept cashless payments easily. You may find codes physically pasted about or virtually embedded into ads, emails, or online. They are easy to create and, unfortunately, easy to hack.

In 2022, the FBI started receiving reports of people who were falling victim to QR code scams, including some who lost money. One area of particular concern — frauds involving cryptocurrency, the FBI said in its weekly Tech Tuesday warning.

Crypto transactions are often made through QR codes associated with crypto accounts, making these transactions easy marks, according to the FBI.

The QR code scam has evolved much like all other scams, the FBI says. Now scammers are using QR codes and gift cards together. Scammers may call and say they’re going to send a QR code to your phone, so you can receive a free $100 gift card. In reality, the QR code may take you to a malicious website.

If you happen to scan a scammer’s bad code, you could end up giving them access to your device. They can access your contacts, download malware, or send you to a fake payment portal. Once there, you can inadvertently give them access to your banking and credit card accounts. If you make a payment through a bad QR code, it’s difficult, if not impossible, to get those funds back.

Here’s how to protect yourself:

  • Do not scan a randomly found QR code.
  • Be suspicious if, after scanning a QR code, the site asks for a password or login info.
  • Do not scan QR codes received in emails or text messages unless you know they are legitimate. Call the sender to confirm.
  • Some scammers are physically pasting bogus codes over legitimate ones. If it looks as though a code has been tampered with, don’t use it. Same thing with legitimate ads you pick up or get in the mail.

Finally, consider using antivirus software that offers QR readers with added security that can check the safety of a code before you open the link, the FBI said.

If you are the victim of any online fraud, you should report the incident to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call the FBI El Paso Field Office at (915) 832-5000.