The FBI of US has issued a formal advisory highlighting the dangers of a new scam involving unsolicited packages bearing QR codes
The Federal Bureau of Investigation (FBI), a law enforcement agency in the United States has identified a new and growing cybersecurity threat: fake packages sent by criminals with embedded QR codes designed to compromise personal data.
This tactic builds on an older scam known as “brushing” — where people received unordered goods — but with a more dangerous twist.
This scam is particularly relevant in India given the widespread use of QR codes for UPI payments and digital interactions. With millions relying on services like Paytm, PhonePe, and Google Pay, cybercriminals could easily exploit similar tactics by sending fake courier parcels or placing malicious QR stickers in public places.
India has already witnessed scams involving tampered QR codes on shop counters and fake payment links — making it crucial for users to stay vigilant. Authorities urge citizens to avoid scanning unknown QR codes, verify deliveries directly through official platforms, and report suspicious activity to cybercrime.gov.in or local police stations.
What is the scam?
Criminals are mailing out unexpected parcels with QR codes printed on or inside the package. The QR codes lure recipients into scanning them under the pretence of tracking information or verifying delivery. But instead, scanning may lead to:
- Fake websites asking for personal or financial details
- Automatic downloads of malware or spyware
- Attempts to hijack your phone or app permissions
The scam exploits curiosity, particularly when someone receives a mysterious package they didn’t order.
How to recognise it:
You may be looking at a scam if:
- You receive a package you never ordered
- The sender information is missing, fake, or vague
- There is a QR code sticker or label urging you to “scan to learn more”
- The QR code doesn’t come with a legitimate explanation or branding
- The link from the QR code shows a suspicious URL when previewed
Scammers rely on recipients acting quickly and scanning the code without thinking.
How to prevent falling victim:
The FBI and cybersecurity experts recommend the following safety steps:
- Never scan QR codes on unsolicited packages.
- Inspect all packages before opening and avoid interacting with anything suspicious.
- Preview the QR code link (most phones show a preview before opening); if the URL looks strange, do not proceed.
- Avoid giving permissions to unknown apps or pop-ups after scanning.
- Secure your devices with antivirus protection and regular software updates.
- Request free credit reports from national agencies and update your passwords regularly.
- Report incidents to the cyber security or your local authorities.
This scam is part of a broader trend in which fraudsters place fake QR codes in public places. With QR codes becoming a regular part of daily interactions — from restaurant menus to parking payments — experts say that vigilance and a healthy dose of scepticism are crucial to staying safe from this evolving threat.
Subscribe to our Newsletter
Disclaimer: Kindly avoid objectionable, derogatory, unlawful and lewd comments, while responding to reports. Such comments are punishable under cyber laws. Please keep away from personal attacks. The opinions expressed here are the personal opinions of readers and not that of Mathrubhumi.
No Comment! Be the first one.