# What to Do If You Scanned a Suspicious QR Code > Immediate response steps to contain damage if you interacted with a potentially malicious QR destination. URL: https://www.qrsafer.com/blog/what-to-do-if-you-scanned-a-suspicious-qr-code Published: 2026-05-04 --- # What to Do If You Scanned a Suspicious QR Code If you scanned a suspicious QR code and interacted with the destination, move quickly. Fast containment reduces long-term impact. The FBI received over 800 complaints specifically about QR code fraud in the first half of 2023, reporting losses of over $5.8 million. Most victims acted within the same session — scanning, entering data, and losing access before they realized something was wrong. The faster you act, the more you can contain. If you want the short version first, read [What Happens If You Scan a Fake QR Code?](/what-happens-if-you-scan-a-fake-qr-code) for the plain-language risk breakdown and quick response checklist. If the incident involved a payment at a meter or kiosk, read [What to Do If You Paid Through a Fake Parking Meter QR Code](/what-to-do-if-you-paid-through-a-fake-parking-meter-qr-code) for parking-specific dispute and reporting steps. The response depends on what happened after the scan: - If you only previewed the link and never opened it, your exposure may be limited. - If you opened the page, entered credentials, approved a payment, or installed anything, assume follow-up action is required. - If you are unsure, treat the incident as exposed until you confirm otherwise. ## 1. Disconnect and close Close the browser tab and disconnect from Wi-Fi or cellular data if you suspect malware downloads, aggressive pop-ups, or active redirection chains. If a file started downloading, pause and review the device before reconnecting. ## 2. Change critical passwords Start with email, banking, payment apps, and any account that reuses the same password. Use unique passwords and enable multi-factor authentication everywhere possible. The FTC recommends changing any password reused across accounts, starting with email — because email controls password resets for everything else. ## 3. Review financial activity Check recent charges, transfers, wallet approvals, and payment authorizations. Report suspicious transactions immediately through official bank channels. ## 4. Run security scans Use trusted mobile or endpoint security tools to scan for malicious apps, profiles, downloads, or configuration changes. On iPhone, review installed profiles and recent Safari downloads. On Android, review recent app installs and sideloaded APKs. ## 5. Report the malicious code Report the location to venue owners, the impersonated business or platform, local authorities when appropriate, or your internal security team so others are protected too. ## Final takeaway Quishing incidents are manageable when response is immediate. Focus first on credentials, payment exposure, and device integrity. For prevention, read [How to Spot a Malicious QR Code Before You Scan](/blog/how-to-spot-a-malicious-qr-code-before-you-scan). If you want protection before the next tap, [get QRsafer for iPhone](/app/ios?source=blog&campaign=post_scan_response&asset=suspicious_qr_article). ## See also - [What Happens If You Scan a Fake QR Code?](/what-happens-if-you-scan-a-fake-qr-code) - [What Is Quishing?](/blog/what-is-quishing) - [Fake Parking Meter QR Code Scam](/fake-parking-meter-qr-code-scam) - [Gas Station QR Code Scam](/blog/gas-station-qr-code-scam) - [QR Code Threat Map](/threat-map)