QRsafer LogoQRsafer

I Scanned a QR Code and Got Signed Up for Something — What to Do Right Now

You scanned a QR code and now you're getting subscription confirmation emails, unexpected charges, or membership welcome messages you never asked for. This is recoverable — here's exactly how it happened and what to do first.

Why this happens: three common paths

A QR code can't sign you up for anything on its own — it can only open a URL. But what happened on that page is one of three things:

  • Dark-pattern landing page. The page had pre-checked opt-in boxes, fine-print billing terms, or a misleading “claim your free access” button. Tapping “continue” or “submit” was all it took — the enrollment was built into the button, not a separate confirmation step.
  • Phishing page that used your credentials. The QR code led to a fake login page mimicking a real service. When you entered your email and password, the attackers used them to create or access a real account elsewhere — sometimes activating a paid trial tied to a payment method already on file.
  • Browser autofill submitted your details. Some malicious pages are built to trigger your browser's autofill on page load, pre-populating and sometimes auto-submitting a form with your name, email, and saved payment details before you realized what was happening.

Knowing which scenario applies helps you contact the right parties. In all three cases, the steps below get you to resolution.

Do these things now, in order

1. Find the confirmation email and identify the service

Search your inbox for emails sent around the time you scanned the QR code. Look for subject lines like “Welcome,” “Your account is ready,” “Subscription confirmed,” or “Your free trial has started.” Note the service name, the email address that sent the confirmation, and any account or subscription ID mentioned.

If the confirmation contains a real cancellation link, use it immediately — even before contacting your bank. A documented cancellation request strengthens your dispute case.

2. Cancel the subscription directly

If you can log in to the account, go to the service's account or billing settings and cancel. If you can't log in — because the phishing page created the account with a different password — contact the service's support team directly. Say: “An account was created using my email without my authorization. I need this account cancelled and any charges reversed.” Most legitimate services will act on this quickly.

For genuinely fraudulent services — ones that don't respond or have no real support — go straight to your card issuer to dispute the charges.

3. Dispute any charges with your card issuer

Call the number on the back of your card and report the charge as unauthorized or deceptive. Say: “I was enrolled in a subscription without my informed consent after scanning a QR code. I'd like to dispute this charge.” Under the Fair Credit Billing Act, your issuer must investigate and typically provides provisional credit within a few days.

Have the confirmation email and the URL from your browser history ready — the fraud team will want documentation. You can also request a replacement card number if you're concerned the page captured your payment details for future use.

4. Check whether your credentials were used elsewhere

If the QR code led to a page where you entered your email and password, those credentials may have been used to access or sign up for other accounts — not just the one you already found. Do this now:

  1. Change the password on any account where you use the same email-and-password combination.
  2. Enable two-factor authentication on your email account first — it's the master key to everything else.
  3. Check your email's “sent” folder and inbox for any password-reset emails or new account confirmations you didn't initiate.
  4. Review active sessions in your email and any financial accounts and revoke any you don't recognize.

Will you get a refund?

In most cases, yes. Card issuers routinely refund charges from deceptive subscriptions — especially when enrollment resulted from a dark pattern or phishing page. The key factors that help your dispute:

  • You disputed quickly (within days to weeks, not months)
  • You have documentation: the confirmation email and the URL from your browser history
  • You also attempted to cancel directly with the merchant before or alongside the dispute

Even if you technically clicked something on the page, issuers recognize deceptive enrollment practices and side with cardholders more often than not. Be persistent — escalate to a supervisor if the first representative declines.

How to prevent this from happening again

  • Preview QR codes before your browser opens them. QRsafer shows you the destination URL and flags suspicious pages before they load — stopping the dark-pattern page before it can display any opt-in form.
  • Never enter your login credentials on a page you reached via an unexpected QR code. If a page asks you to log in, navigate directly to the service's website instead of using the QR-linked page.
  • Disable browser autofill on payment and personal details. In Safari, go to Settings → Safari → Autofill and toggle off Credit Cards and Contact Info. In Chrome, go to Settings → Autofill. This removes the vector for form-submission attacks.
  • Read before you tap. On any page reached via QR code, pause before tapping any button. Scroll to see if there are pre-checked boxes or fine-print billing disclosures below the fold.

Frequently asked questions

Can a QR code sign me up for something without my knowledge?

Not without some action on your part — but that action can be nearly invisible. Pre-checked opt-in boxes, misleading “claim your access” buttons, and autofill-triggered forms can all complete an enrollment before you realize it. The QR code brought you to the page; the sign-up happened there.

How do I cancel a subscription I was unknowingly enrolled in?

Find the confirmation email, identify the service, and use the cancellation link or contact their support with the words “unauthorized enrollment.” If you can't log in or the service is unresponsive, go straight to your card issuer and dispute the charge — you don't need to wait for the merchant to cooperate.

Will I get a refund for charges from a subscription I didn't intend to sign up for?

Usually yes. Credit card issuers routinely refund deceptive subscription charges under the Fair Credit Billing Act, especially when you dispute promptly and have documentation. Debit cards carry the same dispute rights if reported within 60 days of the statement date. File the dispute with your bank and let them handle the merchant — you shouldn't need to negotiate directly.

See where a QR code goes before anything loads

QRsafer previews the destination URL and checks it for threats before your browser opens it — so a dark-pattern subscription page or phishing site gets flagged before you can tap anything on it. Free on iOS and Android.

Download for iOSDownload for Android

Related guides