They are called QR scans, and they have but one simple request: “scan me.”
These odd blocks of squares and funky swirls pack powerful info, making a trip to a museum, searching for a restaurant menu or parking on the go informative and simple. And all you have to do is scan with your phone.
It’s magic – alas, not always the good kind since criminals have joined the QR family.
The FTC warned earlier this year of fake QR codes on packages delivered without warning. The idea is to get you to scan the QR code for more information, providing scammers with your sensitive information through malware.
There have been reports of fake QR codes on parking meters that route the money to a criminal third party.
Now comes the latest QR code scam: phishing emails sent straight to your inbox.
Scammers will attempt to compromise your username and password via malicious QR codes sent over email. If scanned, these QR codes could lead victims to websites that pretend to belong to well-known organizations – like banks, software and retail – but actually belong to the scammers.
Adam Perino, Cyber Intel lead for Regions Bank
According to Adam Perino, Cyber Intel lead for Regions Bank, the QR code phishing scam works like this:
“Scammers will attempt to compromise your username and password via malicious QR codes sent over email,” Perino said. “If scanned, these QR codes could lead victims to websites that pretend to belong to well-known organizations – like banks, software and retail – but actually belong to the scammers.
“When you unknowingly provide your username and password to the scammers, you put yourself at risk.”
The best way to avoid becoming a victim? Don’t do a thing.
3 Tips to Avoid QR Code Scams
- Do NOT scan QR codes from unknown sources.
- Do NOTprovide your username and password or account information to untrusted sites.
- If you see a potentially malicious QR code in email, report it as phishing to your email provider.
“By understanding this threat, you can help protect your personal data and finances,” Perino said.

Additional Resources from Regions.com
Related Articles from Doing More Today
The information presented is general in nature and should not be considered, legal, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/STOPFRAUD or speak with your Banker for further information on how you can help prevent fraud.