Mercari QR Code Scam: What It Is and What to Do

Why Mercari is a prime target

Mercari is one of the few consumer marketplaces that uses QR codes for legitimate purposes. Every time a seller ships an item, Mercari generates a QR code shipping label — printed or displayed on-screen — for USPS, FedEx, or other carriers. Buyers and sellers are conditioned to expect them.

Scammers exploit that familiarity. Because you've seen legitimate Mercari QR codes before, a fake one triggers less suspicion. The attack relies on one assumption: that you won't notice the code came from outside the app.

The four Mercari QR code scams

1. The fake shipping label

A "buyer" messages you — often via text rather than inside the Mercari app — claiming they've purchased your item and attaching a QR code as "your shipping label." When you scan it to confirm or download it, the page asks you to log in to "activate" or "register" the label. That login form goes straight to the scammer.

Real Mercari shipping labels are generated automatically by the platform after a confirmed sale. You access them inside the app under your active listings — you never need to scan a QR code sent by the buyer to get one.

2. The "confirm your address" QR code

A buyer messages you — or you receive a text claiming to be from Mercari — saying there's a problem with your shipping address and you need to scan a QR code to confirm it. The destination is a fake Mercari login page designed to harvest your credentials. Mercari resolves address issues inside its own app; it never asks you to verify anything via an external QR code.

3. The overpayment refund QR code

You receive a message claiming a buyer accidentally overpaid and asking you to scan a QR code to issue a refund. The QR code leads to a payment page — or a fake banking interface — where you end up sending money rather than receiving it. Mercari handles payment disputes entirely within the platform; overpayment refunds never require you to scan anything external.

4. The fake Mercari login page

Some scammers skip the transaction pretext entirely. They send a QR code — by text, email, or in a Mercari message — that leads to a near-pixel-perfect copy of the Mercari login page. Once you enter your email and password, the scammer owns your account and can drain any balance or intercept payments on your active listings.

What to do right now

1. If you only scanned and didn't enter anything, you're likely fine. Check your device for unexpected app installs or new browser extensions.
2. If you entered your Mercari login, change your Mercari password immediately from a trusted device. Also change it on any other accounts using the same password. Enable two-factor authentication on Mercari and your email account.
3. If you entered payment information, call your bank or card issuer to report the transaction as fraud and request a new card number.
4. If you sent money, contact Mercari support and the payment platform used. Wire transfers and person-to-person payments are often irreversible, but reporting immediately gives you the best chance.
5. Report the user to Mercari. Open the transaction or message thread in the app, tap the three-dot menu, and select "Report." Mercari investigates and can suspend fraudulent accounts.
6. File a report with the FTC at reportfraud.ftc.gov and with the FBI's Internet Crime Complaint Center at ic3.gov.

Frequently asked questions