Is the QR Code at Target Safe to Scan? Here's the Quick Answer
Short answer: yes — official Target QR codes are safe. QR codes on Target in-store displays, Target Circle loyalty kiosks, and the Target app link to target.com and are controlled by Target. The risks are (1) physical sticker swaps placed over legitimate in-store codes and (2) phishing emails and texts that impersonate Target with a fake QR code. Here's how to tell the difference before you tap.
Where Target legitimately uses QR codes
Target uses QR codes in several well-defined places across its stores and digital channels:
- Target Circle loyalty kiosks. In-store kiosks and app screens display QR codes so cashiers can scan your rewards at checkout. These are generated inside the Target app and always link back to target.com or app deep-links — not third-party URLs.
- Price tags and product shelf labels. Some shelf tags carry a QR code that links to the product's target.com listing, reviews, or the Target app product detail page. Legitimate codes always resolve to target.com.
- Endcap and promotional signage. Seasonal and promotional displays may include QR codes linking to campaign landing pages on target.com. These are the most physically accessible codes — and the easiest for a bad actor to tamper with using a sticker.
- Email and app notifications. Target sends promotional emails containing QR codes for coupons or offers. Legitimate Target emails come from addresses ending in @target.com and QR codes inside them resolve to target.com. Any other sender domain is a red flag.
- Paper coupons and flyers. In-store flyers and weekly-ad inserts sometimes include QR codes for digital coupons. These are a higher-risk surface because counterfeit Target coupons are a known fraud vector.
The three scenarios — and their real risk level
1. In-store QR codes on shelf tags, endcaps, and kiosks — low risk
QR codes embedded in official Target displays are generated and managed by Target. The risk is physical tampering — a bad actor places a pre-printed sticker over the real code in seconds. This is the same attack seen at grocery stores and Walmart. Before scanning, run your fingernail lightly over the code — a raised edge or misalignment suggests a sticker has been applied. The domain shown in the URL preview after scanning should be target.com. If it isn't, close the browser immediately.
2. QR codes in emails or texts claiming to be from Target — moderate to high risk
Phishing messages impersonating Target are common. They arrive as emails ("Your Target order has shipped — scan to track"), texts ("Your Target account is locked — verify now"), or fake coupon promotions. The QR code inside leads to a convincing fake login or payment page that harvests your credentials or card details.
Before scanning any QR from a message claiming to be Target: check that the sender's email domain is exactly @target.com (not target-deals.com, target-rewards.net, or anything similar). When in doubt, go directly to target.com or the Target app instead of scanning.
3. Paper coupons and flyers with Target QR codes — moderate risk
Counterfeit Target coupons are a recognized fraud vector. Fake coupons circulate on social media and in parking lots with QR codes that redirect to data-collection or payment-harvesting sites. Real Target digital coupons are clipped inside the Target app or at target.com/circle — they are not distributed as standalone printed QR codes in unofficial flyers.
If a coupon or flyer looks unofficial — no address, no expiration date, urgency language like "scan now before it expires" — skip scanning and go to target.com/circle directly to see current offers.
The one-second check before you scan
After your phone decodes a QR code, it shows a URL preview before opening the browser. Glance at it: the domain, which is the part between https:// and the first slash, should be target.com or end in .target.com (or the link should be a Target app deep-link starting with target://). If the URL looks unfamiliar, has a hyphen or extra words in the domain (target-deals.com, gettarget.com), or uses a link shortener, close the prompt and don't open the link.
- Use QRsafer. QRsafer reads the QR code and checks the destination URL against threat intelligence before your browser loads anything — giving you a safety verdict in under a second, even for shortened or redirected links.
- Check for sticker overlays. Lightly touch the QR code surface. A sticker feels slightly raised at the edges compared to a printed code.
- Verify the sender domain. For emails and texts, confirm the message comes from an @target.com address before trusting any QR code inside it.
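The URL check described above, written out as code (an added example, not part of the original article and not QRsafer's implementation). It compares the parsed host instead of the start of the string, so lookalikes that merely contain "target.com" are rejected. The shortener list, the HTTPS-only rule and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example: classify a URL decoded from a QR code before opening it.
// The allowed domain and app scheme come from the article. SHORTENERS is a
// small constructed sample list, and requiring HTTPS is an assumption.
const ALLOWED_DOMAIN = "target.com";
const ALLOWED_APP_SCHEME = "target:";
const SHORTENERS = new Set(["bit.ly", "t.co", "tinyurl.com"]);

function classifyQrUrl(raw) {
  let url;
  try {
    url = new URL(String(raw).trim());
  } catch {
    return { verdict: "block", reason: "not a parseable URL" };
  }
  if (url.protocol === ALLOWED_APP_SCHEME) {
    return { verdict: "allow", reason: "Target app deep-link" };
  }
  if (url.protocol !== "https:") {
    return { verdict: "block", reason: `unexpected scheme ${url.protocol}` };
  }
  // Text before "@" is userinfo, not the host (https://target.com@other.example).
  if (url.username || url.password) {
    return { verdict: "block", reason: "userinfo hides the real host" };
  }
  // The parser lowercases the host and converts non-ASCII lookalikes to punycode.
  const host = url.hostname.replace(/\.$/, "");
  if (SHORTENERS.has(host)) {
    return { verdict: "block", reason: "link shortener hides the destination" };
  }
  // Exact match or a true subdomain; "gettarget.com" does not end in ".target.com".
  if (host === ALLOWED_DOMAIN || host.endsWith("." + ALLOWED_DOMAIN)) {
    return { verdict: "allow", reason: `host ${host} is on ${ALLOWED_DOMAIN}` };
  }
  return { verdict: "block", reason: `host ${host} is not on ${ALLOWED_DOMAIN}` };
}

// Constructed sample inputs; the first two lookalike domains are the article's.
const SAMPLES = [
  "https://www.target.com/circle",
  "target://product/123",
  "https://target-deals.com/coupon",
  "https://gettarget.com/offer",
  "https://target.com.rewards.example/login",
  "https://target.com@login.example/",
  "https://bit.ly/3xAmPle",
];
for (const s of SAMPLES) {
  const r = classifyQrUrl(s);
  console.log(`${r.verdict.padEnd(5)} ${s}  (${r.reason})`);
}
```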
What to do if you already scanned and something felt off
- Close the page immediately without entering any credentials or payment information. Do not tap any buttons on the suspicious page.
- If you entered your Target login: go to target.com and change your password right away. Check your Target Circle account and recent orders for any unauthorized activity. Enable two-factor authentication if available.
- If you entered payment details: call your bank or card issuer immediately to report potential fraud and request a card replacement. Credit card disputes are covered under the Fair Credit Billing Act.
- Tell a Target team member. Point out the QR code on the display. If it's a sticker swap, they can remove it and protect other shoppers.
- File a report at reportfraud.ftc.gov with any screenshots of the code and the page it opened. Reports help the FTC track scam patterns.
Frequently asked questions
Are QR codes on Target price tags and shelf labels safe?
QR codes on official Target shelf labels are safe — they link to target.com product pages or the Target app. The risk is a physical sticker placed over the real code by someone who is not a Target employee. Before scanning, check for raised edges or misalignment. If something looks off, report it to a team member and do not scan.
Is a QR code in a Target email or text safe to scan?
Not always. Scammers routinely impersonate Target in phishing emails and smishing texts. Before scanning, verify the sender's email domain ends in @target.com and use QRsafer to preview the destination URL. If in doubt, go directly to target.com or the Target app instead of scanning the QR code.
What should I do if I scanned a Target QR code and landed on a suspicious page?
Close the browser immediately without entering any information. If you already entered your Target credentials, change your password at target.com right away and review your account for unauthorized activity. If you entered payment details, call your bank to report potential fraud. Tell a Target team member and file a report at reportfraud.ftc.gov.
Check before you scan — every time
QRsafer previews any QR code destination and flags unsafe links before you ever open them. Free on iOS and Android.
