How Do I Know if a QR Code is Fake or Safe?

QR stands for Quick Response, and QR codes are everywhere. They’re the square, black-and-white series of lines and geometric dots you photograph with your phone to reveal information or launch a website. Restaurants now use them to display their menus, product tags use QR codes to describe the best uses, and QR codes are used to pay for parking in some cities.

As soon as QR codes became common and people got comfortable using them, scammers followed with a new twist on an old cyber-attack. It’s important to know how to spot fake QR codes and avoid them to protect your personal information and accounts.

Consider the tools at your disposal: if you suspect a scam, do a phone lookup, or check email records to determine if the website that the QR code presents is legitimate.

The Most Common Types of Fake QR Codes

QR codes are everywhere, and scammers try to take advantage of people who use them in a rush or in a casual atmosphere where the users could be more careful. The most common places to find faked QR codes include:

  • Restaurant menus: In most cases, scammers can link a QR code to a website that looks like the restaurant menu you’re expecting, but the fake site is designed to steal your credit card information or other details you enter (perhaps your email and password).
  • Parking: Cities that use online parking apps often provide a QR code generator that enables visitors to pay for parking on their phones. Scammers substitute their own QR codes, which take visitors to fake websites that steal information such as the credit card numbers visitors believe they are entering to pay for parking.
  • Phishing emails: Emails from companies you regularly do business with are not unusual, but some may incorporate QR codes along with messages that tell you to log onto your account (using the QR code) because there’s an issue with your PIN. However, the QR code provided takes you to a spoof website that can record any login information you enter.
  • Sweepstakes or special offers: Messages you get through social media, email, or text messages with QR codes that offer fabulous discounts, free money, or other deals that involve immediate action should raise red flags. Ignore QR codes in unsolicited messages because they are very likely scams.
  • Cryptocurrency scams: An email telling you that you need to pay a fine or that you’ve been chosen for a great deal should be viewed skeptically, especially if cryptocurrency is involved. The message may direct you to use a QR code to launch a currency converter and pay your bill in cryptocurrency. Again, a message like this is just an opportunity for a scammer to steal your account information and money.
  • Unexpected package: When a package arrives that you didn’t order, avoid using any QR code on it to determine who sent it or what to do with the contents. QR codes in this context are designed to pique your interest and lower your defenses. Your excitement about an unexpected gift may prompt you to jump in and click on the QR code without thinking, only to have your personal information stolen.


Warning Signs of Fake QR Codes

There are common issues with fake or spoofed websites designed to steal information. It’s important to recognize these signs:

  • Urgency: Anytime a message tells you that you must act quickly before the offer expires, you should step back and think rationally about it.
  • Misspellings: Examine the URL of the website that the QR code takes you to. A fake site is likely to contain extra letters or to have letters transposed, such as www.banckofamerica.com.
  • Unprofessional appearance: Compare the website that the QR code launches to the website you usually use to log in to your bank account. A fake site is likely to use low-resolution images, less information, and look less professional.
  • Alternative methods of payment: Requests from official organizations, the government, your bank, or your employer are unlikely to seek payment for a fine in any currency other than US dollars. Be skeptical when you receive an “official” request for payment in gift cards, cryptocurrency, or by telegram.

Warning Signs of Scams

Any unanticipated message from an official source should be considered skeptically. Scams attempt to spoof all kinds of sources, whether it’s your favorite store, your bank, your employer, or an online streaming service that you enjoy. These messages may tell you there's a package waiting for you (just scan the QR code to confirm your address), or that your PIN has been compromised and should be entered on their site.

Protect Yourself from QR Code Scams

Once you learn to recognize the signs of a scam, there are a few other steps you can take to protect yourself. Checking the URL of the destination website through your phone’s camera preview feature is one way to determine if a QR code is legitimate. Avoid downloading QR scanner apps, which may introduce malware onto your phone. Examine the QR code to determine if someone has tampered with it, including sticking a new code over the official one on a document or sign. If QR codes are a regular part of your day, consider a secure scanner app that will flag fake QR codes. Experts say to avoid QR code apps, as most phone cameras are capable of reading QR codes and a few apps have themselves been scams that steal the user’s personal data.
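The URL check described here and under "Misspellings" can be automated. The Python sketch below is an added example, not part of the original article: it compares the host in a decoded QR code URL against a list of sites you expect, counting extra letters and transposed letters as one edit each. The trusted list, the function names and the two-edit threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample list: the sites this user actually expects to reach.
TRUSTED = ("bankofamerica.com", "city-parking.example")

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Transposed neighbours ("bnak" for "bank") count as one edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def host_of(url: str) -> str:
    """Hostname the browser would contact, lower-cased, without 'www.'."""
    try:
        if not urlsplit(url).netloc:
            url = "//" + url  # QR payloads often omit the scheme
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host

def classify(url: str, trusted=TRUSTED, max_edits: int = 2) -> str:
    """Return 'trusted', 'lookalike of <domain>', 'unknown' or 'invalid'."""
    host = host_of(url)
    if not host:
        return "invalid"
    for t in trusted:
        if host == t or host.endswith("." + t):
            return "trusted"
    for t in trusted:
        # Near-miss spelling, or the trusted name buried inside another host.
        if t in host or osa_distance(host, t) <= max_edits:
            return f"lookalike of {t}"
    return "unknown"

if __name__ == "__main__":
    for sample in ("www.banckofamerica.com", "https://bankofamerica.com/login"):
        print(sample, "->", classify(sample))
```

A result of "unknown" only means the host is not on your list; it says nothing about whether the site is safe.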

If you have reason to believe that an email from your bank or employer is legitimate, close the message and go to their website using your normal method rather than the QR code provided. By entering the destination URL in the navigation pane you will bypass any fake site linked to the QR code.

Conclusion

We are so accustomed to using our phones for everything that we often let down our guard when it comes to incoming messages or using apps. Maintaining a skeptical attitude about any unexpected requests or messages is a good first defense against scams.

When a message has an urgent request, it’s best to examine the message and the destination URL closely. Before sending money in response to any request, try contacting the business or agency yourself to confirm the legitimacy of the request.