Fake Subscription Cancellation QR Code Scam: What It Is and What to Do

You received a notice — by email, text, or mail — saying one of your subscriptions is about to renew or needs to be cancelled, and it included a QR code. Here's why that QR code is almost certainly a phishing trap, and exactly what to do if you already scanned it.

How the fake cancellation QR code scam works

This scam is effective for one simple reason: you genuinely receive cancellation notices all the time, so you rarely scrutinize them. Scammers exploit that habit with three common variants:

  1. Phishing email impersonating Netflix, Amazon, Spotify, or a gym. The message mimics a real billing alert — correct logo, color scheme, and footer. It warns that your subscription is expiring, a charge failed, or you're "scheduled for renewal" and must scan a QR code to "confirm your cancellation" or "avoid being charged." The code leads to a convincing fake login page for the service. Once you enter your username and password, the attacker captures your credentials instantly.
  2. The "refund your last charge" variant. Instead of a login page, the QR code leads to a form claiming you are owed a refund for an accidental charge. To receive the refund, you're asked to enter your bank account and routing number — which goes directly to the scammer.
  3. Physical mailers spoofing gym memberships or magazine subscriptions. A printed notice arrives by mail with official-looking branding for a fitness club or publication. It states your membership is up for renewal and includes a QR code to "manage your account." Physical mail feels more credible than email, so victims are less likely to question it.

In every case, the QR code is used deliberately. Scammers have learned that QR codes in emails bypass spam filters that would flag a suspicious link — a technique known as quishing. They also create distance between the malicious URL and the message itself, making the scam harder to detect at a glance.

Why this scam works so well

The subscription cancellation scam succeeds because it meets you at a moment of low suspicion. You receive these notices regularly from real services. The language — "your subscription renews in 3 days," "action required to avoid a charge," "confirm your cancellation" — triggers a mix of mild urgency and routine action that bypasses your usual skepticism.

The QR code adds one more layer of apparent legitimacy. In a phishing email, a suspicious link might be visible. A QR code hides the destination, so you don't see the red flag until after you've already scanned.

The services most commonly impersonated are those with the highest brand recognition and subscriber counts: Netflix, Amazon Prime, Spotify, Apple iCloud+, gym memberships, and magazine or newspaper subscriptions. Attackers reuse the same phishing template — swapping logo and colors — across all of them.

Red flags to recognize before you scan

  • Any QR code in a cancellation or billing message. Legitimate subscription services — Netflix, Amazon, Spotify, your gym — handle cancellations through their apps or websites. They do not send QR codes to manage your account.
  • Urgency about an upcoming charge. "You will be billed in 48 hours" or "act now to avoid renewal" are pressure tactics. Real services give plenty of notice and provide clear in-app cancellation paths.
  • A sender address that doesn't match the official domain. Check the actual email address, not just the display name. A message claiming to be from Netflix should come from @netflix.com, not @support-billing.net or similar.
  • The URL behind the QR code isn't the official domain. Use QRsafer to preview the destination URL before your browser opens it. If it isn't exactly the service's official domain (netflix.com, amazon.com, spotify.com), do not proceed.
  • A request for bank account details to process a refund. Subscription refunds are processed through the original payment method. No service will ask for your routing and account number via a QR code form.
  • Physical mail from a subscription you don't recognize or haven't used recently. Scammers send mailers broadly, hoping to catch someone who once had a membership and assumes it somehow renewed.
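The exact-domain check from the red flags above, written out as an added example (it is not QRsafer's code or any service's own). The function name, the allowlist and the sample URLs are constructed for illustration; it shows why "contains netflix.com" is not the same as "is netflix.com".

```python
from urllib.parse import urlsplit

# Official domains named in the article; a real allowlist is maintained per service.
OFFICIAL_DOMAINS = {"netflix.com", "amazon.com", "spotify.com"}


def check_qr_destination(url, official=OFFICIAL_DOMAINS):
    """Return (verdict, reason) for a URL decoded from a QR code."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        has_userinfo = parts.username is not None
    except ValueError:
        return ("block", "URL cannot be parsed")
    if parts.scheme != "https":
        return ("block", "not an https link")
    if not host:
        return ("block", "no host in URL")
    if has_userinfo:
        # In "https://netflix.com@billing.example/" the real host is billing.example.
        return ("block", "text before '@' is not the destination; host is " + host)
    if host.startswith("xn--") or ".xn--" in host:
        return ("block", "punycode host, possible lookalike letters: " + host)
    for domain in sorted(official):
        # Exact match or a true subdomain; the "." label boundary is what
        # separates www.netflix.com from notnetflix.com.
        if host == domain or host.endswith("." + domain):
            return ("allow", "host belongs to " + domain)
    return ("block", "host " + host + " is not an official domain")


# Constructed sample URLs (not taken from any real campaign).
SAMPLES = [
    "https://www.netflix.com/cancelplan",
    "https://netflix.com.account-billing.example/login",
    "https://netflix.com@billing.example/login",
    "https://notnetflix.com/cancel",
    "http://netflix.com/cancel",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, reason = check_qr_destination(sample)
        print(f"{verdict:5}  {sample}  ({reason})")
```

An "allow" here only means the host is on the allowlist; it says nothing about whether the message that carried the code was genuine.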

What to do if you already scanned the QR code

How urgently you need to act depends on what you did after scanning:

  1. If you entered your login credentials (email and password): Go directly to the real service's website — type the address in your browser, do not use any link from the suspicious message — and change your password immediately. Check for any unrecognized sessions or devices and sign them out. If you reuse that password on other accounts, especially email or banking, change those too.
  2. If you entered your credit or debit card number: Call your bank or card issuer immediately to report potential fraud and request a replacement card number. The sooner you call, the better chance you have of reversing unauthorized charges. See our guide on QR code credit card scams for a full checklist.
  3. If you entered your bank account or routing number: Contact your bank immediately and report the information as potentially compromised. Depending on your bank, you may be able to place a hold on the account or issue a new account number. File a report at reportfraud.ftc.gov.
  4. If you only scanned and looked at the page but entered nothing: You are most likely fine. Scanning a QR code and loading a page does not, by itself, compromise your accounts or install malware on a modern smartphone. The risk is entirely in what you typed.
  5. Report the scam. Forward phishing emails to the impersonated company's abuse address (e.g., phishing@netflix.com, stop-spoofing@amazon.com) and file a complaint at reportfraud.ftc.gov. If it arrived by physical mail, report it to the U.S. Postal Inspection Service at postalinspectors.uspis.gov.

For the complete recovery checklist, see what happens if you scan a fake QR code.

Frequently asked questions

I got an email with a QR code to cancel my subscription — is it real?

Probably not. Legitimate services let you cancel directly through their app or website — they never send a QR code to cancel or manage your account. Go directly to the service's official website in your browser and manage your subscription there. If you already scanned and entered login credentials, change your password immediately on the real site.

I scanned the QR code and entered my bank account number for a refund — what do I do?

Contact your bank immediately and report that your account information may have been compromised. Ask them to monitor your account for unauthorized activity or issue a new account number if needed. File a report at reportfraud.ftc.gov and monitor your statements closely for the next 60 to 90 days.

Which subscriptions do scammers impersonate most often?

Most frequently: Netflix, Amazon Prime, Spotify, Apple iCloud+, gym memberships, and magazine or newspaper subscriptions. The same phishing template is reused across all of them — attackers simply swap the logo and brand colors. The rule is the same for every service: manage subscriptions only through the official app or website, never through a QR code in any unsolicited message.

See where a QR code leads before your browser opens it

QRsafer checks the destination URL against multiple threat intelligence sources and shows you a Safe, Risky, or Dangerous verdict before anything loads. Free on iOS and Android.
