Is the Amazon Locker QR Code Safe to Scan?
Short answer: yes — the QR code the physical kiosk or Amazon's official email gives you is safe. The scam risk is a spoofed pickup email, not the locker itself. Here is how to tell the difference in about ten seconds.
How Amazon Locker QR codes actually work
When your package arrives at an Amazon Hub Locker, Amazon sends a pickup notification to the email on your account. That email contains a six-digit code and often a QR code. At the kiosk, you either type the digits or hold the QR code up to the scanner. The correct compartment pops open and you take your package. That is the entire interaction.
The QR code encodes your unique pickup credentials. It communicates directly with the kiosk — it does not open a website, does not ask for your Amazon password, and does not redirect you anywhere. If a QR code in a so-called pickup email opens a browser tab and asks you to log in, that is not how Amazon Locker works. Close the tab.
You can also retrieve your code any time from the Amazon app: tap the order, select “View pickup code,” and the app displays the QR code directly. That in-app version is always the safest option.
Where the real scam risk lives: spoofed pickup emails
The physical Amazon Locker kiosk is official Amazon infrastructure and poses no threat. The danger is fake emails that impersonate Amazon's pickup notification. These phishing emails:
- Come from addresses like amazon-locker@notifications-mail.com or pickup@amazn.com — never from amazon.com
- Contain a QR code that opens a fake Amazon login page designed to steal your credentials
- Sometimes add urgency language such as “Your package will be returned in 24 hours — verify your account now”
- May ask for payment to “release” the package — a red flag Amazon would never use
The legitimate Amazon pickup email never asks you to log in or provide payment. Its only purpose is to give you the code.
Three checks before you scan a pickup QR code
1. Verify the sender address
Real Amazon pickup emails come from addresses ending in @amazon.com. Open the full sender details on your email app — not just the display name, which is easy to spoof. If the domain after the @ is anything other than amazon.com, delete the email and use the Amazon app to get your code.
2. Notice what the QR code does
A genuine Amazon Locker QR code opens a compartment — it does not open a browser. If scanning the code opens a web page (especially one that looks like an Amazon login), stop immediately. The kiosk interaction is entirely self-contained.
3. When in doubt, use the app
Open the Amazon app, navigate to Your Orders, find the relevant order, and tap “View pickup code.” The code displayed there is always legitimate. You never have to rely on an emailed QR code if you have the app.
What to do if you already scanned a suspicious locker QR code
- If you only opened the page and immediately closed it without entering anything: you are almost certainly fine. No personal data was transmitted just by the page loading.
- If you entered your Amazon password: go to Amazon.com immediately, change your password, and enable two-factor authentication. Check your account for unauthorized orders or address changes.
- If you entered a credit card number: call your card issuer now to flag potential fraud and request a new card. Monitor statements for unfamiliar charges.
- If you are unsure what you entered: treat it as a compromised password and change it now. Better to take one unnecessary step than to leave a stolen credential active.
Report phishing emails to Amazon by forwarding them to stop-spoofing@amazon.com and to the FTC at reportfraud.ftc.gov.
Frequently asked questions
Is the QR code at an Amazon Locker safe to scan?
Yes. The QR code shown on the physical kiosk screen and the code in Amazon's official pickup email are safe. The kiosk is legitimate Amazon hardware. The scam risk is a spoofed email that mimics the pickup notification — its QR code opens a phishing page instead of your compartment. Always verify the sender is @amazon.com, and use the Amazon app's “View pickup code” option if you have any doubt about an email.
How does the Amazon Locker QR code work?
When your package is ready, Amazon emails you a pickup code — six digits or a QR code. You hold the QR code up to the kiosk scanner, the compartment opens, and you collect your package. The code communicates directly with the kiosk and does not open any website or request any login. If a pickup QR code opens a browser tab, that is a red flag — stop and do not enter any information.
What does a fake Amazon Locker email look like?
Fake pickup emails use a display name like “Amazon Locker” but come from non-Amazon domains — anything other than @amazon.com. They often add urgency (“collect within 24 hours or your package is returned”) and contain a QR code that opens a fake login page harvesting your Amazon credentials. Legitimate Amazon emails never ask you to verify your account or provide payment to retrieve a package. Check the full sender address, not just the display name.
Stop guessing. Know before you scan.
QRsafer checks the destination URL against real-time threat databases the moment you point your camera — giving you a Safe, Risky, or Dangerous verdict before the page even loads. Replace your phone's default scanner and never have to manually inspect a URL again.