Target QR Code Scam: Real Code or Fake?

Where Target legitimately uses QR codes

Target uses QR codes in a few specific, well-defined places. Knowing the real list makes fake codes much easier to spot:

• Target Circle deals and coupons. The Target app and Target Circle email newsletters include QR codes that apply discounts at the register. These always resolve to target.com or open the official Target app — never a third-party site.
• In-store pickup and order notifications. When you place a Drive Up or Order Pickup order, the app generates a QR code a team member scans at the door or service desk. You display the code; you do not scan an external one.
• Return and receipt QR codes. Digital receipts and return barcodes in the Target app are scanned by cashiers. Again, the cashier scans your phone — Target never asks you to scan a QR code to initiate a return or retrieve a receipt.
• In-store price-check kiosks and product displays. Some shelf tags and product displays include QR codes linking to target.com product pages or how-to videos. These are printed on official Target signage, not on stickers or loose paper cards.

The rule of thumb: if a QR code at Target asks you to log in, enter payment information, or claim a prize, that is a scam. Legitimate Target QR codes simply add a coupon, open a product page, or confirm a pickup.

How scammers impersonate Target with QR codes

Target's size and brand recognition make it a prime impersonation target. There are three main attack vectors:

1. Sticker QR codes placed over in-store displays

A bad actor walks into a Target, places a pre-printed sticker QR code over an official shelf display or promotional sign, and leaves. The sticker links to a convincing replica of target.com asking for your login or credit card. Look for a raised edge, misaligned placement, or a slightly different print quality — any of those is a red flag. If something looks off, tell a team member and don't scan.

2. Phishing emails and texts spoofing Target

Phishing emails that mimic Target Circle mailings — complete with the Target logo, red color scheme, and “You have a reward waiting” subject lines — increasingly include QR codes instead of text links. The QR code leads to a fake login page designed to harvest your Target credentials or, worse, your payment method. Legitimate Target emails link directly to target.com; they do not ask you to scan a QR code to verify your account or collect a reward.

3. Fake “gift card giveaway” QR codes on social media and flyers

Social media posts, community flyers, and even text messages circulate fake “$100 Target gift card” promotions with a QR code to claim the prize. Scanning leads to a survey or form that collects personal information — and the gift card never arrives. Target does not run giveaways that require scanning a QR code posted on social media or a parking-lot flyer. See also our guide on gift card QR code scams for more on this pattern.

How to verify a Target QR code before you scan

1. Check the physical code for sticker signs. Run your fingernail across it. A ridge or bubble means something has been placed on top of the original. Official Target codes are printed directly on signage, not stuck over it.
2. Preview the URL before opening. Most phone cameras show a URL preview before you tap through. Any destination that is not target.com or a recognized Target subdomain is unsafe — close immediately.
3. Use QRsafer to pre-check the link. QRsafer decodes the QR code and runs the destination URL against threat intelligence databases before your browser ever loads it. A clean result takes under a second; a flagged result keeps you off a phishing page.
4. When in doubt, go directly to the app. If you received an email or text claiming to be from Target with a QR code attached, open the Target app directly instead of scanning. Your real Circle offers and order status will be there if they are legitimate.

What to do if you already scanned

1. Close the browser immediately — do not enter any information and do not tap any buttons on the page.
2. If you entered your Target login: change your password at target.com right away. Check your Target Circle balance and recent order history for unauthorized activity or gift card redemptions.
3. If you entered payment details: call your bank or card issuer immediately. Report the potential fraud, request a card replacement, and ask about any pending charges.
4. Report the physical code to a Target team member so they can remove it and protect other shoppers.
5. File a report at reportfraud.ftc.gov and, if you received the code by email or text, forward the message to spam@uce.gov.

Large retailers are a favorite backdrop for QR code fraud precisely because shoppers trust the brand. The same tactics appear across grocery chains — see our breakdown of grocery store QR code scams for the full pattern.

Frequently asked questions