(WTTV/WXIN) — Scammers are getting better at making QR codes look legitimate in efforts to trick you out of your money.

We’ve previously reported here about widespread parking scams that utilize QR codes to trick you into navigating to malicious websites. Now, the Better Business Bureau is warning that QR codes are showing up in a wide variety of schemes designed to steal your money, your information, or both.

In some cases, victims are being contacted by someone posing as their utility company, the IRS, or the Social Security Administration. Victims are told they owe an outstanding balance but the normal payment portal is down. Instead, they have to scan a QR code to go to a different website.

That website is fake and either grabs your online information or uploads malware to do that.

A number of other phishing scams, romance scams and schemes using cryptocurrency wallets do the same thing.

Other scams don’t use fake QR codes. They use real ones that actually lead to the company or organization they claim to represent. However, that’s just a way to establish trust so they can start working on you in other ways to convince you to give up sensitive information.

To avoid QR code scams, the BBB recommends the following tips:

  • Confirm the QR code before scanning. If you receive a QR code from a friend via text or a message on social media from a workmate, be sure to confirm with that person they meant to send you the code to verify they have not been hacked. Keep in mind what you know about the person messaging you. Are they active in cryptocurrency investments, or is this message a little out of character? How often do you talk to this person, and does it make sense they would come to you with this opportunity? Trust in your intuition and avoid scanning any QR code until you know they sent it on purpose. 
  • Do not open links from strangers. If you receive an unsolicited message from a stranger that includes a QR code, BBB strongly recommends against scanning it. If the message promises exciting gifts or investment opportunities under the condition you ‘act now,’ be even more cautious. Scammers use this type of language consistently and rely on their targets to make immediate decisions before verifying its authenticity.  
  • Be wary of short links. Suppose a shortened URL appears when hovering your camera over a QR code. In that case, there is no way of knowing where it will direct you once the link is followed. Ensure you are confident that the QR code is legitimate before following short links, as it may send you to a malicious website. Once on the website, look at the URL and verify the domain and subdomain make sense for the organization that supposedly operates it. Scammers often switch around the domain and subdomains for URLs or slightly misspell one word to make websites appear legitimate. 
  • Check for tampering. Some scammers attempt to mislead consumers by altering legitimate business ads or placing stickers on the QR code. Keep an eye out for signs of tampering and, if discovered, have the business check that the posted QR code is genuine. Most businesses permanently install scannable QR codes using laminate or placing it behind glass in their establishments. They will often include the business’s logo in the code, often in the middle. 

If you’ve been the victim of a QR scam, report it at BBB.org/ScamTracker. Information provided may prevent another person from falling victim.