You just scanned a QR code. The page loaded. And something feels wrong — but you can't quite say what.
Your instincts are right. Here are the 10 red flags that mean you should close the browser immediately.
1. The page demands urgency
"Your account will be suspended in 24 hours." "Act now to avoid a penalty." "This offer expires tonight."
Urgency is the most consistent feature of QR code scams because it short-circuits rational thinking. Real organizations — banks, government agencies, utility companies — don't operate on 24-hour windows that require you to pay via a QR code you received unexpectedly. IRS scam QR codes, jury duty notices, and fake utility shutoff warnings all rely on this same pressure.
If the page creates urgency, slow down — that's exactly when it matters most.
2. You didn't expect it
Nobody sent you anything. There was no package. No appointment. No account issue. The QR code just appeared — on a flyer, in a text, in an email, on a sticker at a pump.
Unsolicited QR codes are a core attack vector. QR code scam text messages arrive claiming to be USPS, toll agencies, or banks. Quishing emails impersonate Microsoft, Apple, or your bank. If you weren't expecting it, treat it as suspicious until proven otherwise.
3. The URL doesn't match the claimed brand
The page says it's PayPal. The URL says paypa1-secure-payment.net.
Scammers use lookalike domains — swapping letters, adding hyphens, inserting words like "secure," "verify," or "official." Common techniques: replacing l with 1, o with 0, adding -verify or -support, or using a subdomain like paypal.scam-domain.com where the real domain is scam-domain.com.
Before entering anything, look at the full domain in the address bar. If it's not the brand's exact official domain, leave.
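The check described above, as an added example (not code from QRsafer or any brand): it compares a URL's registrable domain with a brand's official one and names which lookalike trick is in use. The `OFFICIAL` allow-list, the function names and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: brand keyword -> the brand's official registrable domain.
OFFICIAL = {"paypal": "paypal.com", "microsoft": "microsoft.com", "apple": "apple.com"}

# Undo the character swaps the article names (l -> 1, o -> 0) before comparing.
UNSWAP = str.maketrans({"1": "l", "0": "o"})


def hostname(url):
    """Lower-cased host of a URL; tolerates a missing scheme, as in raw QR payloads."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def registrable_domain(host):
    """Last two labels. Simplification: real code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def check_brand(url, brand):
    """Classify a URL that claims to belong to `brand`; returns (verdict, reason)."""
    host = hostname(url)
    reg = registrable_domain(host)
    if reg == OFFICIAL[brand]:
        return "official", reg
    if brand in host.split(".")[:-2]:
        return "lookalike", f"brand is only a subdomain of {reg}"
    if brand in host:
        return "lookalike", f"brand padded with extra words in {reg}"
    if brand in host.translate(UNSWAP):
        return "lookalike", f"character swap in {reg}"
    return "unrelated", reg


if __name__ == "__main__":
    # Constructed sample URLs, including the two spellings used in the article.
    for u in ("https://www.paypal.com/signin", "paypa1-secure-payment.net",
              "https://paypal.scam-domain.com/login", "https://paypal-verify.com"):
        print(u, "->", check_brand(u, "paypal"))
```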
4. It asks for a password right away
You scan a QR code. Before you can see anything, you're on a login screen — your email, your bank, your Apple ID.
Legitimate QR codes don't drop you into a login page without context. Tech support QR scams, Microsoft phishing, and Apple ID attacks all funnel victims through a fake login as step one — because credentials are often worth more than payment details.
If the first thing a QR code does is ask for your password, don't type it.
5. It asks for payment or sensitive personal information
A menu QR code should show you a menu. A Wi-Fi QR code should connect you to Wi-Fi. A loyalty sign-up should ask for an email, maybe a name.
If a QR code immediately requests a credit card number, Social Security number, bank account details, or any payment — stop. That's not how legitimate QR codes work. Parking meter scams, fake toll notices, and EV charger scams all use QR codes to present fake payment pages that look exactly like the real thing.
6. The URL uses a shortener or redirector
The QR code resolves to bit.ly/x8k2p or t.co/abcdef — and you have no idea where that leads.
URL shorteners hide the real destination. Legitimate brands sending QR codes in marketing materials sometimes use shorteners, but you should preview where any shortened link goes before opening it. QRsafer expands shortened URLs and checks the final destination so you can see what's actually behind it.
7. There's no HTTPS
Look at the address bar. If the URL starts with http:// — no S — any information you submit is transmitted without encryption. Legitimate payment pages and login pages always use HTTPS.
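An HTTP page asking for payment details is not just a scam red flag — it's a technical signal that the operator doesn't care about protecting your data. The reverse does not hold: HTTPS only encrypts the connection and says nothing about who runs the site, so a padlock on its own is not proof that a page is legitimate.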
8. It asks you to install an app
"To complete your reservation, download our app." A QR code that leads to an APK download or a link outside the App Store or Google Play is asking you to install unverified software on your device.
Real companies direct you to their official listing in the App Store or Google Play. They never ask you to sideload an app via a QR code. Rideshare QR scams and bike-share scams have used this method to push fake payment apps.
9. It asks you to disable a security warning
Your phone or browser is flagging the page. The site tells you to ignore the warning, click "Advanced," or that the warning is a mistake.
It isn't. Browser and OS security warnings exist to protect you. A legitimate site won't ask you to override them. If the site is asking you to dismiss a security alert to proceed, the security alert is correct.
10. It involves a multi-step redirect
You scan the code. It sends you to one page. That page redirects you to another. Then another. By the time you see a login or payment form, you've lost track of where the original QR actually pointed.
Redirect chains are used to obscure the true destination from link-safety tools. The final page may look legitimate, but the path there was designed to bypass detection. If you notice unexpected redirects, close the tab and verify the destination through the organization's official website directly.
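An added example (not QRsafer's implementation) that resolves a redirect chain hop by hop and maps the result onto red flags 6, 7 and 10. It runs offline against a constructed table of `Location` values; the hosts, the function names and the "more than two sites" threshold are assumptions.

```python
from urllib.parse import urljoin, urlsplit

SHORTENERS = {"bit.ly", "t.co"}  # the two shorteners the article names

# Constructed sample: URL -> Location header it answers with (absent = final page).
SAMPLE_REDIRECTS = {
    "https://bit.ly/x8k2p": "https://tracker.example/r?id=1",
    "https://tracker.example/r?id=1": "/go",
    "https://tracker.example/go": "http://login.example.net/pay",
}


def site(url):
    """Last two host labels; a simplification of a Public Suffix List lookup."""
    return ".".join((urlsplit(url).hostname or "").lower().split(".")[-2:])


def resolve_chain(start, redirects, max_hops=10):
    """Follow Location values, stopping on a loop or after max_hops redirects."""
    chain = [start]
    while chain[-1] in redirects and len(chain) <= max_hops:
        nxt = urljoin(chain[-1], redirects[chain[-1]])  # Location may be relative
        if nxt in chain:  # redirect loop: stop instead of spinning
            break
        chain.append(nxt)
    return chain


def red_flags(chain):
    """Return the flags a resolved chain raises, in the article's order."""
    flags = []
    if site(chain[0]) in SHORTENERS:
        flags.append("shortener")            # red flag 6
    if urlsplit(chain[-1]).scheme != "https":
        flags.append("no-https")             # red flag 7
    if len({site(u) for u in chain}) > 2:    # assumed threshold for "multi-step"
        flags.append("multi-site-redirect")  # red flag 10
    return flags


if __name__ == "__main__":
    chain = resolve_chain("https://bit.ly/x8k2p", SAMPLE_REDIRECTS)
    print(" -> ".join(chain))
    print(red_flags(chain))
```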
What to do if you saw one of these red flags
If you caught it before entering any information: close the tab and you're fine. Run a scan of the QR code with QRsafer to see where it actually pointed.
If you entered a password: change it immediately on the affected service, and enable two-factor authentication if it isn't already on.
If you entered payment details: call your bank or card issuer now, explain you entered your card on a page you believe was fraudulent, and ask them to flag or replace the card.
For a complete step-by-step response, see what to do if you scanned a suspicious QR code.
How QRsafer catches these before you open the page
QRsafer checks the destination URL before your browser navigates to it. It expands shortened links, follows redirect chains, and checks the final domain against threat intelligence. If any of the above red flags appear in the destination URL — lookalike domain, suspicious redirect, known phishing host — you see a warning before the page loads.
Scan with QRsafer first. See the destination. Then decide.
Download QRsafer for iOS or Android.
