QRsafer LogoQRsafer
QR Code Scams at Clothing Stores and Fitting Rooms: What Shoppers Should Know
← Back to blog

QR Code Scams at Clothing Stores and Fitting Rooms: What Shoppers Should Know

Clothing stores lean heavily on QR codes — for hang tags, fitting room mirrors, loyalty programs, and promotional displays. Most are legitimate. Here are the four ways scammers exploit them, and how to spot the difference in seconds.

2026-05-11 · QRsafer Team

Clothing stores have normalized QR codes in ways few other retail environments have. You scan a hang tag to see how a fabric is made, scan a fitting room sign to request a different size, scan a loyalty display to earn points. The habit is so routine that most shoppers do it without looking at where the code actually takes them.

That's the opening scammers use. Here are the four clothing store and fitting room QR code scams worth knowing about — and how to check before you tap.

1. Hang-tag and sticker swaps over brand codes

Hang tags — the small cards attached to garments — increasingly carry QR codes that link to brand lookbooks, sustainability reports, or product detail pages. A scammer browsing the sales floor can press a small fraudulent sticker directly over the original code in a matter of seconds.

When you scan it, you land on a page that mimics the brand's site and prompts you to "create an account," "claim your loyalty offer," or "verify your size preference" — requests that harvest your email, password, or payment details.

What to watch for: Run a fingernail around the edge of any QR code on a hang tag. A slightly raised or misaligned label is a sign something has been placed on top. And before entering any information, read the URL in your browser. A convincing brand clone will often have a single character changed — "norrthface.com" instead of "thenorthface.com."

2. Fitting room wall QR codes

Fitting rooms are low-surveillance spaces, which makes them easy targets for tampering. Retailers place QR codes on fitting room walls for a range of legitimate purposes: Wi-Fi login, style surveys, associate call buttons, or size request forms.

Because these codes are rarely checked by staff, a fraudulent replacement can stay in place for days. The scam code typically leads to a fake Wi-Fi captive portal or a "shopping rewards" page that asks for your name, email, and credit card number.

Simple rule: A QR code in a fitting room should never require payment information. Wi-Fi portals for retail stores don't need your card number — only your email at most. If the page requests financial details, close it immediately and flag it to a store employee.

3. "Exclusive discount" codes handed out by strangers posing as staff

This scam is less about tampered hardware and more about social engineering. A person dressed to blend in with store staff approaches shoppers near checkout and offers a printed card or flyer with a QR code for an "exclusive member discount" or a "today-only offer."

The QR leads to a fake rewards portal that collects your email, phone number, and credit card to "activate" the discount. No discount is applied; the data goes directly to the scammer.

Red flag: Real retail discounts are applied at the register by a cashier or through the store's official app — not via a QR code handed to you by a stranger. If someone you don't recognize is handing out discount QR codes on the floor, treat it with the same skepticism you'd apply to a stranger asking for your wallet. Politely decline and verify any promotion at the customer service desk.

4. Online shopping redirect scams via in-store QR codes

Some retailers place QR codes near displays or dressing room mirrors to help shoppers "continue browsing" or "shop the look online." Scammers exploit this by placing their own code that redirects to a convincing copycat storefront.

The fake site displays real product photography, sometimes pulled directly from the retailer's actual website, and offers items at a steep discount. Victims who purchase receive nothing — or receive cheap counterfeits — while their card details are captured.

Before you buy: Confirm the URL in your browser matches the retailer's known, official domain. If the deal looks drastically better than anything on the real site, treat that as a warning. Real in-store QR codes lead to the same prices you'd find walking through the front door.

Keeping it in perspective

The overwhelming majority of QR codes in clothing stores are exactly what they look like. This isn't a reason to stop scanning — it's a reason to take two seconds before you tap. Learn how to spot a malicious QR code before you scan, and stay alert to fake coupon QR code scams that often target retail shopping environments.

How QRsafer helps

Point QRsafer at any code — on a hang tag, a fitting room wall, or a promotional display — before your browser opens anything. It inspects the destination URL against threat intelligence databases and tells you whether it's safe, risky, or dangerous. A swapped sticker or a freshly created phishing domain gets flagged before you enter a single character.

Download QRsafer for iOS or Android and scan with confidence the next time you're trying on jeans.

FAQ

Are QR code scams common at clothing stores?

They're less common than at gas stations or parking kiosks, but they do happen — and clothing stores offer several easy entry points. Hang tags, fitting room wall cards, and promotional display stickers can all be covered with a fraudulent QR label in seconds. The low-pressure, browsing environment means most shoppers scan without pausing to verify the URL.

Is it safe to scan a QR code on a clothing hang tag?

Usually yes — most hang-tag QR codes link to the brand's official product page or care guide. The risk arises when a scammer places a sticker over the original code. Before entering any personal or payment information, glance at the URL in your browser's address bar and confirm it matches the retailer's actual domain, correctly spelled and without extra hyphens or subdomains.

What should I do if I scanned a QR code in a fitting room and it asked for my credit card?

Don't enter anything. Close the tab immediately. If you already submitted card details, call your bank to report potential fraud and request a replacement card. Alert a store employee so the QR code can be inspected and removed. Then follow the steps in our guide on what to do if you've scanned a suspicious QR code.

How does QRsafer protect me while shopping?

Open QRsafer and point it at any code before your browser loads the destination. It checks the URL against threat intelligence databases and returns a Safe, Risky, or Dangerous verdict in seconds. A freshly registered phishing domain, a URL that doesn't match the expected retailer, or a known malicious redirect will be flagged before you tap through — so you can put the item back on the rack and tell staff.