Advertisement

New scam uses QR codes to steal information

By
Public safety
April 15, 2025
QR dose paste up by id-iom, licensed under CC BY-NC 2.0.

A new type of scam is utilizing quick response or QR codes to steal people’s sensitive information.

On April 10 police responded to a report of several packages sent to a resident who did not order them. Within these packages were QR codes. Police informed the resident that this was a combination of a quishing and brushing scam.

According to a spokesperson for the Waltham Police Department, quishing is the newest type of scam that the department is seeing.

According to the United States Postal Inspection Service, quishing scams use QR codes to commit identity fraud.

“Whatever the new technology is, scammers find a way to turn it into a scam,” said Steve Weisman, a senior lecturer in Bentley University’s law department who runs a blog site called scamicide.com that tracks trending scams.

Weisman explained that scammers use social media messages and emails to distribute these QR codes. The messages and emails pose as companies that people are familiar with in an attempt to steal usernames, passwords and financial information. If the codes are scanned, potential victims are taken to fake websites where they are asked to enter their information.

Weisman said that some scammers use artificial intelligence to create these fake sites, making them appear much more legitimate than in the past.

Meanwhile, in brushing scams e-commerce vendors send their items to random addresses in an attempt to boost their products’ reviews. 

Scammers first find random addresses on the internet and set up fake accounts on e-commerce websites with positive reviews about the products they are selling. Then sellers send packages to the addresses to make it seem like the reviews are connected to a verifiable purchase. 

According to the United States Postal Inspection Service, there have been similar reports across the country of people receiving these unsolicited packages containing quishing QR codes.

Advertisement

Other common types of scams

Waltham police said another common scam involves fake apartment listings.

Scammers pose as landlords, real estate agents and property managers and fraudulently list apartments on social media.

The Waltham police spokesperson said scammers sometimes set up fake appointments for an apartment tour and then cancel at the last minute because they often don’t have access to the inside of the property.

Scammers will then ask for money for security deposits or move-in fees through Cash App or Venmo and then cease contact with victims once they receive the money.

During tax season, scams involving people posing as the Internal Revenue Service are common as well.

The WPD spokesperson said people have reported receiving threatening phone calls from scammers claiming to be from the IRS. Callers tell victims that they owe money on unpaid taxes and threaten them with legal action if they don’t comply.

Additionally, reports of a smishing (a text message-based scam) involving EZDriveMA, the state’s electronic tolling system, have been on the rise over the past year.

“A lot of people are falling for this,” said Weisman.

Weisman also said scammers have taken advantage of the Real ID deadline of May 7 to send fraudulent emails claiming to be from the Registry of Motor Vehicles.

These emails claim that people can apply online for Real IDs and then attempt to convince users to click links that infect their computers with malware. Real IDs can only be applied for in person at a Registry of Motor Vehicles Service Center or AAA locations.

Steps for protection

As new technology develops, so do scams, but people can take steps to prevent themselves from becoming victims.

“The best way to protect yourself is to be informed,” said the WPD spokesperson.

Weisman said he advises people to use dual factor authentication for securing important accounts. This type of authentication requires users to provide additional forms of identity such as a phone number or email when logging into websites, adding an extra layer of security.

Weisman also stressed the importance of confirming the legitimacy of requests for personal information. Any request for information through a phone call, email or text should be confirmed with the company, government agency or bank that the request claims it’s from.

Know, too, that the IRS only initiates contact through mail, so if someone does owe unpaid taxes they will receive a letter instead of a phone call, text or email.

Weisman explained that scammers are emotional manipulators.

“They lure people into thinking that there’s some kind of an emergency, and you need to act fast,” he said.

This scare tactic is an attempt to make people more susceptible to making impulse decisions, namely providing financial information or sending money to someone they don’t know.

So if you receive a concerning message asking for money or personal information, don’t panic, because that’s exactly what scammers are hoping for.

Author
Christian Maitre

Christian Maitre is a freelance journalist covering education, public safety and local government in Greater Boston. He writes for The Waltham Times and reports for The Newton Beacon and WATD-FM. A graduate of Ithaca College’s journalism program, he developed his reporting skills at WICB-FM, the campus radio station, covering protests, small businesses, and numerous other subjects.  In his free time, he enjoys watching baseball and exploring the restaurants along Waltham’s Moody Street.

Related Articles
Woman allegedly sprays labradoodle in eyes with aerosol spray
By
Public safety
May 7, 2026
Rat control will require action by both residents and the city
By
Government
May 7, 2026
Healey’s Ride Safe Act would set speed‑based rules for e‑bikes, mopeds and scooters
By
Government
May 7, 2026
Close the CTA
Heading
Close the CTA