PlayStation QR Code Scam: PSN Phishing, PS5 Prizes, and Gift Card Fraud

The three PlayStation QR code scams

Variant 1 — PSN account suspension phishing. The most common attack. A text or email arrives with PlayStation's logo claiming your PSN account has been suspended, compromised, or restricted. A QR code inside the message directs you to "reactivate your account" or "verify your identity." The destination is a pixel-perfect fake of the PSN sign-in page. When you enter your email and password, those credentials are sent directly to the attacker — who can then drain your PSN wallet, make purchases with any saved payment card, and lock you out of your account. These attacks spike during major PlayStation events such as console launches, State of Play announcements, and holiday sale periods.

Variant 2 — "You won a PS5" prize scam. QR codes appear on social media ads, Discord servers, YouTube video descriptions, and Reddit comments claiming the recipient has been randomly selected to receive a PlayStation 5, a gaming bundle, or a year of PlayStation Plus Extra. Scanning leads to a fake prize-claim page that asks for personal information and a "shipping and handling fee" paid by credit card. No prize is ever delivered; the card details and personal information are the real target. The same fake giveaway QR code scam mechanics are used across gaming platforms — urgency and excitement are the levers that bypass skepticism.

Variant 3 — PlayStation gift card QR code fraud. Scammers sell fake PSN wallet credit codes on secondary marketplaces — eBay, Craigslist, Facebook Marketplace, and Discord "trading" channels — sometimes presenting the code as a QR image for convenience. In one sub-variant the code has already been redeemed by the seller before the sale completes. In another, the QR code links to a phishing page that asks for a PSN login to "redeem your credit," harvesting the account rather than delivering any balance. Legitimate PSN gift cards are available only at major retail partners and the official PlayStation Store — never from a stranger on a secondary market.

Sony never sends PSN verification or prize QR codes

This rule has no exceptions: PlayStation and Sony never send unsolicited QR codes to manage your account, verify your identity, claim a prize, or upgrade your subscription — not by email, not by text, not through social media. Every legitimate PSN account action happens inside the PlayStation app, on your console, or directly at playstation.com.

If a QR code asks you to log in anywhere other than the official PlayStation sign-in, that page is fake. Attackers register domains that look similar to Sony's — for example "playstation-rewards.com," "psn-verify.net," or addresses with subtle letter substitutions. The simplest defense is to use a QR code safety checker to preview the destination URL before any page loads — a real PSN URL will always contain playstation.com or sonyentertainmentnetwork.com.

The irreversibility of digital transactions makes these attacks particularly damaging. PSN wallet balances spent by an attacker cannot be refunded, and accounts that have been compromised for an extended period may be flagged or banned by Sony for unauthorized purchase patterns. Acting in the first minutes is what makes recovery possible.

What to do if you already scanned

Your response depends on how much information you provided.

If you scanned but did not enter any information: You are almost certainly fine. Close the browser tab, clear your browser cache, and do not return to the page. Simply landing on a phishing page without submitting data does not compromise your account.

If you entered your PSN email and password:

1. Go directly to playstation.com/acct/management on a trusted device and change your PSN password immediately.
2. Enable two-factor authentication if it is not already active — go to Account → Security in your PSN account settings.
3. Review your PlayStation Store purchase history and any saved payment methods for unauthorized charges.
4. Change the password on your email account and any other account that shares the same credentials.
5. Contact PlayStation Support at playstation.com/support to report the compromise and request a review of recent account activity.

If you entered payment card details: Call your bank or card issuer immediately to report potential fraud and request a new card number. Dispute any charges that appear from the PSN or PlayStation Store.

Report the phishing site to the FTC at reportfraud.ftc.gov and to the platform where you encountered the QR code. For a full post-scan recovery checklist, see what to do if you scanned a suspicious QR code.

Frequently asked questions