What should I do if I scanned a Lowe's QR code and something felt off?

Close the browser immediately without entering any information. If you already entered your Lowe's account credentials, go to lowes.com and change your password right away, then review your PRO account and order history for unauthorized activity. If you entered payment or card details, call your bank immediately to report potential fraud and request a card replacement. Alert a Lowe's associate about the suspicious code and file a report at reportfraud.ftc.gov.

Is the QR Code at Lowe's Safe to Scan? Here's the Quick Answer

Q: Are QR codes on Lowe's shelf labels and product packaging safe?

Yes — QR codes printed on official Lowe's shelf tags and product packaging are safe. They link to lowes.com product pages, installation guides, or the Lowe's app and are generated by Lowe's or verified manufacturers. The main risk is a physical sticker placed over the real code. Before scanning, check for raised edges or misalignment — especially in tool and appliance aisles where tampering is most common. If something looks off, alert a store associate and don't scan.

Q: Is a QR code in a Lowe's PRO or contractor email safe to scan?

Not always. Scammers frequently impersonate Lowe's PRO emails with fake "activate your PRO discount" or "exclusive contractor pricing" QR codes that lead to phishing login pages designed to steal PRO account credentials and stored payment cards. Before scanning, verify the sender's email domain ends in @lowes.com — not lowes-pro.com or any variation. When in doubt, sign in directly at lowes.com or in the Lowe's app instead of scanning.

Short answer: yes — official Lowe's QR codes are generally safe. QR codes on Lowe's shelf labels, product packaging, the Lowe's app, and PRO loyalty displays link to lowes.com and are controlled by Lowe's or its verified vendors. The risks are (1) physical sticker swaps over in-store codes — especially in high-theft tool and appliance aisles, (2) phishing emails targeting PRO contractors and Lowe's loyalty members, and (3) fake rebate or discount flyers with counterfeit QR codes. Here's how to tell the difference before you tap.

Where Lowe's legitimately uses QR codes

Lowe's uses QR codes throughout its 1,700+ stores and digital channels in several well-defined places:

Product shelf labels and signage. Many Lowe's product displays include a QR code linking to the product's lowes.com page, installation guides, how-to videos, or the Lowe's app. Legitimate codes always resolve to lowes.com or the Lowe's mobile app.
Product packaging and manuals. Manufacturers print QR codes on boxes, installation guides, and warranty cards that link to setup videos or brand support pages. These are generally safe, though high-demand tool and appliance packaging is a known target for counterfeit products.
Lowe's PRO loyalty program. Contractors and PRO customers use QR codes in the Lowe's app to manage purchases, claim volume discounts, and access job-lot pricing. These are app-generated codes pointing to official Lowe's infrastructure.
In-store kiosks and seasonal displays. Lowe's seasonal and promotional kiosks may display QR codes for product lookups or offer activations. Codes on official Lowe's equipment are safe; the risk is a sticker placed over the real code between staff checks.
Email and direct-mail promotions. Lowe's sends promotional emails and mailers to consumer and PRO customers that sometimes include QR codes for seasonal deals or rebate submissions. Legitimate Lowe's emails come from addresses ending in @lowes.com. Any other sender domain is a red flag.

The three scenarios — and their real risk level

1. In-store shelf and product QR codes — low risk

QR codes embedded in official Lowe's product displays and shelf labels are generated by Lowe's or its verified manufacturers. The risk is physical tampering — someone places a pre-printed sticker over the real code in seconds. This is the same sticker-swap attack documented at Home Depot and other large retailers. At Lowe's, high-traffic tool, power equipment, and appliance aisles carry the highest tamper risk — items with high resale value attract the most fraud activity. Before scanning, run your fingernail lightly over the code surface. A raised edge or misalignment suggests a sticker has been applied. The URL preview after scanning should begin with lowes.com. If it doesn't, close the browser immediately and alert a store associate.

2. Lowe's PRO and contractor email QR codes — moderate risk

Lowe's heavily markets to contractors via email with job-lot pricing, volume discounts, and PRO loyalty offers — and scammers exploit that familiarity. Phishing emails impersonating Lowe's PRO send fake “activate your PRO discount,” “unlock your contractor rate,” or “your account needs verification” messages, each containing a QR code that leads to a convincing fake lowes.com login page.

Contractors are high-value targets: their accounts often hold purchase-order history, stored payment cards used for large-volume buys, and saved job-site addresses. Before scanning any QR code from an email claiming to be from Lowe's: verify the sender's domain is exactly @lowes.com — not lowes-pro.com, lowespro.net, or any variation. When in doubt, sign in directly at lowes.com or in the Lowe's app rather than scanning the code.

3. Rebate QR codes on packaging or flyers — moderate risk

Fake rebate and discount scams are a documented fraud pattern at home improvement retailers. Counterfeit flyers — printed to look like official Lowe's or manufacturer rebate forms — circulate in store parking lots, appear on community boards, and spread on social media. The QR code on the flyer leads to a fake rebate-submission page that harvests your name, address, email, phone number, and sometimes card or bank details “to issue your rebate.”

Real Lowe's rebates are submitted through the manufacturer's official rebate portal or through lowes.com — never via a QR code on an unofficial flyer. If you received a rebate offer that was not part of a confirmed in-store purchase or a verified Lowe's receipt, treat its QR code as high risk and verify directly at lowes.com before submitting any information. See also: fake coupon and discount QR code scams.

The one-second check before you scan

After your phone decodes a QR code, it shows a URL preview before opening the browser. Glance at it — the address should begin with lowes.com (or a Lowe's app deep-link). If the URL contains a hyphen, extra words, or an unfamiliar domain (e.g., lowes-rebate.com, prolowes.net), close the prompt and don't proceed.

Use QRsafer. QRsafer reads the QR code and checks the destination URL against threat intelligence before your browser loads anything — delivering a safety verdict in under a second, even for shortened or redirected links.
Check for sticker overlays. Lightly touch the QR code surface. A sticker feels slightly raised at the edges compared to a printed code. High-risk aisles: tools, power equipment, and large appliances.
Verify the sender domain. For emails and mailers, confirm the message comes from an @lowes.com address before trusting any QR code inside it.
Confirm rebates at lowes.com directly. Never submit rebate information via a QR code from an unofficial source — always go to the official Lowe's website or the manufacturer's rebate portal.

What to do if you already scanned and something felt off

Close the page immediately without entering any credentials, card details, or personal information. Do not tap any buttons on the suspicious page.
If you entered your Lowe's login: go to lowes.com and change your password right away. Review your PRO account, saved payment methods, and recent order history for any unauthorized activity. Enable two-factor authentication if available.
If you entered payment or card details: call your bank or card issuer immediately to report potential fraud and request a card replacement. Credit card disputes are covered under the Fair Credit Billing Act.
Tell a Lowe's associate. Point out the QR code on the display or shelf label. If it's a sticker swap, they can remove it and protect other shoppers and contractors.
File a report at reportfraud.ftc.gov with any screenshots of the code and the page it opened. Reports help the FTC track and disrupt scam operations targeting retail customers.

Frequently asked questions

Are QR codes on Lowe's shelf labels and product packaging safe?

Yes — official Lowe's shelf and product QR codes link to lowes.com and are safe. The main risk is a physical sticker placed over the real code, most commonly in tool and appliance aisles. Before scanning, check for raised edges or misalignment. If something looks off, alert a store associate and do not scan.

Is a QR code in a Lowe's PRO or contractor email safe to scan?

Not always. Scammers frequently impersonate Lowe's PRO with phishing emails targeting contractors. Before scanning, verify the sender's email domain ends in @lowes.com and use QRsafer to preview the destination URL. When in doubt, sign in directly at lowes.com or in the Lowe's app instead of scanning.

What should I do if I scanned a Lowe's QR code and landed on a suspicious page?

Close the browser immediately without entering any information. If you already entered your Lowe's credentials, change your password at lowes.com right away and review your account for unauthorized activity. If you entered payment details, call your bank to report potential fraud. Tell a Lowe's associate and file a report at reportfraud.ftc.gov.

Check before you scan — every time

QRsafer previews any QR code destination and flags unsafe links before you ever open them. Free on iOS and Android.

Download for iOS Download for Android