FBI warns of new scam targeting smartphone users via QR codes in strange packages

If you use a smartphone, you could be the target of a new form of fraud, with the risk of losing money in your account without even knowing it.

According to a warning from the FBI's Pittsburgh office, this is an updated version of the previously popular 'brushing scam'. In the old method, the bad guys sent the product to a random address and used the recipient's information to post fake reviews. But the new version has increased the danger level by including QR codes in the packages.

QR code – a simple 'trap'

The FBI says unexpected packages often come without sender information or a return address. Curiosity leads many people to accidentally scan the QR code that comes with it, revealing personal or financial information and installing malware that can steal data from the target's phone. With
just a scan of the code, criminals can access bank accounts, credit cards, digital wallets, or even stock data. Victims can have their money withdrawn or their data sold without them even knowing.

Why dangerous?

The scary part about this trick is the combination of curiosity and the habit of using smartphones for most daily transactions. It is a reminder that not all QR codes are safe. The FBI recommends users

1. Do not open or scan QR codes in packages of unknown origin.
2. Always check access permissions carefully when installing applications or accessing websites.
3. If you suspect you've been targeted, change your passwords immediately, monitor your credit reports for unusual transactions, and report the incident to the FBI's IC3 portal.

Although originating in the US, this scam has the potential to spread globally, especially in the context of the booming e-commerce. With just one accidental scan of a code from your smartphone, you can easily become a victim of online scammers.

Samuel Daniel

Update 20 August 2025