QR codes are a a two-dimensional type of barcode, or scannable pattern in the form of a square image. QR stands for Quick Response. You can point your smartphone camera at a QR code to access a wide variety of data, like website links, account information, phone numbers, or even coupons. QR codes have become more popular since the pandemic, many restaurants started using them in place of paper menus. Now, the FBI is warning consumers that criminals are tampering with some codes to steal information and money.

Cybercriminals are changing the code in legitimate QR codes to disguise malicious links that steal your information, redirect your payments, or install malware on your smartphone. You really can't differentiate between a legitimate QR code and a malicious one. The FBI is warning people to use caution with them, especially when making a payment through one.

You really can't differentiate between a legitimate QR code and a malicious one.

The following 6 tips can help avoid becoming a victim of a scam:

1. Be cautious entering any information to a website accessed through a QR code.

2. If a QR code prompts you to download an app, do not do it. Get it through your device’s app store.

3. Look to be sure the code hasn't been tampered with. If a sticker has been placed on top of it, that is a good indicator it is a malicious QR code.

4. Check carefully that the website address is the intended website when scanning a QR code.

5. Beware of QR code scanner apps, which the FBI says raises your risk of downloading malware.

6. Make payments only through a trusted website, not through a website accessed by a QR code.

While QR codes aren’t normally malicious, it is crucial to be cautious when entering financial and personal data. The FBI is asking the public to double-check any website generated by a QR code, to be careful while entering their details after scanning one, and ensure that physical QR codes are not covered by fake ones. The bureau has also recommended to not download apps via QR codes. Treat QR codes like you treat suspicious phishing emails. If you have or think you might have a malicious QR code, report the code to the Better Business Bureau.