FBI Warns iPhone and Android Users: Do Not Use These Codes

The Federal Bureau of Investigation (FBI) has issued a warning to iPhone and Android users about a new threat that is quickly spreading across the globe. The threat, which involves QR codes, has already been observed in over 4 million attacks, with more than half of them occurring in just the first half of 2025 alone.

According to Proofpoint, a cybersecurity firm, QR codes have "burst on the scene" in 2023 and are now being rapidly adopted by threat actors as a way to evade traditional detection methods. These attacks involve sending unsolicited packages containing a QR code to victims' homes, which, once scanned, lead to malicious software that steals sensitive data from their phones.

"Criminals are sending unsolicited packages containing a QR code," the FBI warns. "And once scanned, victims provide personal and financial information while unknowingly downloading malicious software that steals data from their phone." The problem is that it's impossible to tell if a QR code is a threat just by looking at it.

This makes these threats particularly dangerous for users who are accustomed to scanning QR codes with their phones for instructions, menus, or other purposes. However, the FBI advises users not to scan QR codes from unknown origins, as they may be designed to steal sensitive data such as login credentials, credit card numbers, or personal information.

These attacks are socially engineered to convince you to scan the code, and once you do, you're redirected to a fraudulent website that can steal your sensitive data. The FBI emphasizes that if you happen to scan a scammer's bad code, you could end up giving them access to your device. This could allow attackers to access your contacts, download malware, or send you to a fake payment portal.

"If you make a payment through a bad QR code, it's difficult, if not impossible, to get those funds back," the FBI warns. The bureau advises users to be cautious when encountering unsolicited packages or QR codes in their daily lives, as these threats have evolved much like other scams.

Why Are QR Code Scams So Effective?

According to Proofpoint, attacks that target people are all about hacking human nature. In a world where your phone helpfully offers a link whenever it sees a code, without any of the link protection or warnings in other apps, it's easy to see why these attacks are surging.

"These threats exploit our natural tendency to trust technology and follow instructions," says Proofpoint. "They also take advantage of our reliance on QR codes for convenience and speed." By understanding how these threats work and being aware of the risks involved, users can take steps to protect themselves against these types of attacks.