Spotify QR Code Scam: What It Is and What to Do
You received a QR code promising free Spotify Premium, a Spotify gift card, or a fix for your account. Before you scan — or if you already have — here's what's actually happening and what to do next.
How Spotify QR code scams work
Spotify is one of the world's most recognized apps, which makes it a frequent target for impersonation. Scammers know that people are used to Spotify QR codes — the app genuinely uses them to share music — so a fake code blends in easily. There are three main variants:
- The "your Premium is expiring" phishing QR. You receive a text or email that looks like a Spotify notification — "Your Premium subscription is expiring soon. Scan to renew for free." The QR code takes you to a pixel-perfect fake Spotify login page. Entering your credentials hands them directly to the attacker, who then takes over your account.
- Fake Spotify gift card QR codes. On social media or in-store displays (sometimes as printed stickers placed over legitimate gift card QR codes), you see an offer for free Spotify credits. The QR links to a payment-harvesting page that collects your card details under the guise of "activating" or "claiming" the credit. No credits ever arrive.
- "Spotify Wrapped" or exclusive playlist QR codes in DMs. A message — often from a contact whose account has been compromised — shares a QR code to "see your Spotify Wrapped early" or access an exclusive playlist. The link leads to a fake Spotify login page that steals your username and password.
All three variants exploit the same psychology: Spotify is a trusted brand, QR codes feel native to the app, and the offer (free Premium, free credits) is compelling enough to lower your guard.
What makes a Spotify QR code legitimate vs. a scam
Spotify does use QR codes — but only in one specific way: the codes generated inside the Spotify app to share a song, album, artist, or playlist. Those codes are safe because they link directly to Spotify's own platform.
What Spotify does not do:
- Send unsolicited QR codes via text or email to renew, upgrade, or fix your account
- Offer free Premium upgrades through QR codes on social media or in stores
- Ask you to scan a QR code to "verify" your account or payment details
- Send gift card QR codes outside of official in-store displays
If a QR code arrives unsolicited and promises anything account-related — free Premium, a gift card, account recovery — treat it as a scam until proven otherwise. This pattern is identical to the broader fake giveaway QR code scam that targets users of popular platforms.
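The check implied above, that a genuine share code resolves to Spotify's own platform, written out as an added example (not code from Spotify or QRsafer). It assumes only spotify.com and its subdomains count as trusted, and every sample URL is constructed.

```javascript
// Classify the URL decoded from a QR code before anything opens it.
// ASSUMPTION: only spotify.com and its subdomains are "Spotify's own platform".
const TRUSTED_DOMAIN = "spotify.com";

function classifyQrUrl(decodedText) {
  let url;
  try {
    // The WHATWG parser is the one browsers use, so the hostname it returns
    // is the host the browser would actually contact.
    url = new URL(decodedText.trim());
  } catch {
    return { verdict: "reject", reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { verdict: "reject", reason: `scheme ${url.protocol} is not https` };
  }
  if (url.username || url.password) {
    // "https://spotify.com@other.example/" really goes to other.example.
    return { verdict: "reject", reason: "URL embeds credentials before the host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { verdict: "reject", reason: "punycode (internationalised) hostname" };
  }
  const trusted = host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN);
  return trusted
    ? { verdict: "spotify", reason: `host ${host} is under ${TRUSTED_DOMAIN}` }
    : { verdict: "reject", reason: `host ${host} is not under ${TRUSTED_DOMAIN}` };
}

// Constructed sample inputs (example.* names are placeholders, not real sites).
const SAMPLES = [
  "https://open.spotify.com/track/CONSTRUCTED_ID",
  "https://spotify.com.login.example/renew",
  "https://spotify.com@premium.example/renew",
  "https://open-spotify.com.example/wrapped",
  "http://open.spotify.com/playlist/CONSTRUCTED_ID",
  "https://spötify.example/login",
];

function classifyAll(samples = SAMPLES) {
  return samples.map((s) => ({ url: s, ...classifyQrUrl(s) }));
}

console.table(classifyAll());
```

A "spotify" verdict only says the host belongs to the trusted domain; it says nothing about who sent the code or why.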
What to do if you scanned the QR code
Your next steps depend on whether you took any action after scanning:
- If you only landed on a page but didn't enter anything: You're almost certainly fine. Close the browser tab, clear your browser cache, and move on. Simply visiting a phishing page without submitting data exposes very little.
- If you entered your Spotify login credentials: Go to spotify.com on a trusted device and change your password immediately. Under Account → Security and privacy, sign out of all devices to terminate any active attacker sessions. Enable two-step verification. If you reuse this password elsewhere, change it on every other account.
- If you entered payment details: Call your bank or card issuer right away to report the fraud and request a new card number. Monitor your statements for unauthorized charges. File a report at reportfraud.ftc.gov.
- If you were sent the code by a contact: Let them know their account may be compromised so they can secure it and stop the scam from spreading to others in their network.
Frequently asked questions
Does Spotify ever send QR codes to renew or upgrade your account?
No. Spotify does not send unsolicited QR codes by text, email, or social media to prompt account management of any kind. All subscription changes happen inside the Spotify app or at spotify.com. Any QR code that claims to offer a free upgrade or fix an account issue is a phishing attempt.
I scanned the QR code and entered my Spotify password — what do I do?
Change your Spotify password immediately at spotify.com from a trusted device, then sign out of all active sessions under your account security settings. Enable two-factor authentication. If you reuse the same password on other accounts, change those as well. Check for unfamiliar connected apps and revoke their access.
Are the QR codes Spotify generates to share songs safe to scan?
Yes. QR codes created inside the Spotify app to share music link to Spotify's own platform and are safe. The risk comes from unsolicited QR codes sent by someone else — via text, email, social media, or DM — that promise account benefits, free Premium, or gift cards. When in doubt, use QRsafer to preview the URL before tapping.
