Can a QR Code Add a Device to Your Account?
Yes, in some apps a QR code can approve a linked device or browser session. That is useful when you start the flow yourself. It becomes dangerous when someone else sends you a QR code and claims you must scan it to verify, unlock, or protect your account.
How the scam works
- An attacker opens a legitimate device-linking screen on their own computer.
- They send you the QR code from that screen and invent a reason to scan it.
- Your scan approves their browser, phone, or desktop app as a linked device.
- The attacker may read messages, receive account alerts, or keep access until you remove the device.
This pattern often appears in WhatsApp QR scams, Telegram QR scams, Signal QR scams, and Discord QR scams.
What to do now
- Open the real app or website directly, not through the QR link.
- Review linked devices, active sessions, and browser logins.
- Remove any device, browser, or session you do not recognize.
- Change the password if the account has one.
- Review MFA devices, recovery email, recovery phone, and connected apps.
- For work accounts, contact IT because device linking can expose internal chats or files.
If the scan also asked for a code or approval, read can a QR code bypass two-factor authentication.
Frequently asked questions
Can a QR code link someone else's device to my account?
Yes, but only in apps or services that support QR device linking, and usually only if you scan a code that authorizes the link. The QR code itself is not magic; it acts like an approval step.
Which accounts are most at risk from QR device-linking scams?
Messaging, chat, email, crypto, workplace, and collaboration accounts are common targets because linked devices can read messages, receive codes, or maintain access after the first scan.
What should I do if I scanned a QR code to verify or link a device?
Open the real app or website, review linked devices and active sessions, remove anything unfamiliar, change your password, review MFA methods, and check forwarding or recovery settings.
Are QR login flows always unsafe?
No. They are common in legitimate apps. The safe version starts from a service you opened yourself. A QR code sent by a stranger, support agent, email, or chat message should be treated as suspicious.
Check QR login links before you trust them
QRsafer previews QR destinations before they open, which helps you avoid fake verification and device-linking prompts.
