Coinbase’s Super Bowl Ad Is a Reminder That Not All QR Codes Are Safe

Back in January the FBI warned that cybercriminals are tampering with the codes to redirect victims to malicious sites

A person holding up a smartphone and scanning a QR code. In January 2022, the FBI warned about scammers manipulating QR codes.
QR codes can be manipulated, but there are ways to use them safely.
Witthaya Prasongsin / Getty

That Coinbase ad involving a bouncing QR code? A week after its much-discussed Super Bowl appearance, it’s still generating talk (not all of it good).

Most recently, Inc. noted that QR codes are increasingly being used by scammers. While a warning from the FBI that the publication mentions was released nearly a month before the Coinbase ad appeared, it’s certainly prescient.

In the Jan. 18 announcement, the FBI suggested “cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.” That particular ad you saw on TV? Definitely not malicious. But QR codes that you find in an email, or a sticker near, say, your ATM? They may direct your phone to malicious sites to steal data or embed malware.

QR codes have been around for decades, but they regained popularity during the pandemic, particularly with restaurants and bars (the code would redirect to menus or even ordering/payment by phone options). As well, sites like PayPal and Venmo allow users to scan a QR code to send funds to each other.

How do you tell a good QR code from a bad one? If you can, double check which website you’re being redirected to before clicking anything else (and especially before entering any personal information). Don’t click on QR codes sent by email — the idea behind the technology is to use only when direct links aren’t available — and certainly make sure any code you’re scanning isn’t on some sticker that’s on top of a venue’s legit QR.

And, finally, as the FBI suggests, “While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code.”

The InsideHook Newsletter.

News, advice and insights for the most interesting person in the room.