TikTok QR Code Scam: What It Is and What to Do
You saw a QR code flash across a TikTok video, or a message in your DMs told you to scan one to verify your account. Here's how these scams work, why TikTok is a prime delivery channel, and exactly what to do if you already scanned.
How QR codes are used to scam TikTok users
There are two main ways attackers deliver malicious QR codes on TikTok:
- QR codes displayed in videos. A scammer creates a video — or hijacks a real creator's account — and shows a QR code on screen. The caption promises an exclusive discount, a free product, a giveaway entry, or a link to a creator's merch. The QR code actually leads to a phishing site, a fake storefront that collects payment without delivering anything, or a page that installs malware on your device. Because TikTok cannot scan QR codes embedded in video frames, these pass through with no warning.
- DM-based account-verification scams. You receive a direct message — sometimes appearing to come from "TikTok Support" or even a contact whose account was compromised — claiming your account is at risk, has been flagged, or needs verification. The message tells you to scan a QR code to "confirm your identity" or "unlock a feature." The QR code opens a fake TikTok login page. When you enter your credentials, the attacker takes over your account immediately.
Both tactics exploit the same behavior: TikTok trains users to follow external links for products, promos, and app downloads. Attackers simply insert a malicious destination into that familiar flow.
This is a form of quishing — using a QR code to deliver a phishing destination that bypasses the platform's own link-screening tools.
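To make the fake-login-page case concrete, here is the kind of destination check a previewing scanner can run on the text decoded from a QR code. It is an added example, not code from TikTok or from any scanner product; the function name, the single-entry allowlist, and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: tiktok.com is the only domain treated as official in this sketch;
# extend the set only with domains you have verified yourself.
OFFICIAL_DOMAINS = {"tiktok.com"}


def preview_qr_destination(payload: str) -> dict:
    """Classify a decoded QR payload before any browser opens it."""
    reasons = []
    parts = urlsplit(payload.strip())
    host = (parts.hostname or "").rstrip(".").lower()

    if parts.scheme not in ("http", "https"):
        reasons.append(f"not a web link (scheme: {parts.scheme or 'none'})")
    elif parts.scheme == "http":
        reasons.append("unencrypted http")
    if parts.username is not None:
        # In "https://brand.com@other.example/" the brand is userinfo, not the host.
        reasons.append("text before '@' hides the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible look-alike characters)")

    # Official means the host IS the domain or a true subdomain of it.
    official = any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)
    if not official and "tiktok" in host.replace("-", ""):
        reasons.append("brand name in a host that is not an official domain")

    if reasons:
        verdict = "suspicious"
    elif official:
        verdict = "official"
    else:
        verdict = "unknown"  # not the brand, no red flags: still read the host
    return {"host": host, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample payloads, not taken from real scams.
    samples = [
        "https://www.tiktok.com/login",
        "https://tiktok.com.account-verify.example/login",
        "https://www.tiktok.com@verify.example/login",
        "https://shop.example/merch",
    ]
    for s in samples:
        print(s, "->", preview_qr_destination(s))
```

The point to take away is that the real destination is the registered domain at the end of the host name, so a brand name appearing earlier in the address says nothing about where the page is hosted.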
How scammers impersonate creators
Creator impersonation makes these scams especially convincing. Attackers use three common methods:
- Cloned accounts. A fake account copies a real creator's profile photo, bio, and username (with a minor variation like an extra underscore). It posts a video nearly identical to a real one but with a different QR code.
- Compromised accounts. If a creator's TikTok account is hacked, the attacker can post videos or send DMs to that creator's existing, trusted followers using the real account. Followers have no reason to be suspicious.
- Paid promotion disguise. Some scam videos mimic sponsored content, complete with branded overlays and professional editing, to make a fake product QR code look like a legitimate affiliate link.
The pattern is similar to WhatsApp QR code scams where compromised contacts spread malicious codes to people who trust them.
What to do if you scanned a TikTok QR code
Your next steps depend on what happened after you scanned:
- If you entered your TikTok login credentials: Go to TikTok's official app immediately and change your password. Enable two-factor authentication. Check your account for any videos posted, profile changes, or DMs sent without your knowledge and report the activity to TikTok support.
- If you entered payment information: Contact your bank or card issuer right away to flag potential fraud and request a new card number. Monitor your statements over the next 30 days for unauthorized charges.
- If you entered an email or password you use elsewhere: Change that password on every site where you use it. Start with email, then banking and financial accounts. Use a unique password for each account going forward.
- If you installed an app or downloaded a file: Delete it immediately and run a security scan on your device. Do not open the file if you haven't already.
- Report the content. Long-press the video or message in TikTok and report it as a scam or phishing attempt. This helps TikTok remove the content and protect others.
- File a report. Report the scam at reportfraud.ftc.gov.
For a full recovery checklist, see what happens if you scan a fake QR code.
Frequently asked questions
Is the QR code in a TikTok video safe to scan?
Not necessarily. Scammers display QR codes in videos — sometimes on hijacked legitimate accounts — that lead to phishing sites or fake stores. TikTok cannot vet QR codes embedded in video frames. Always use a QR scanner that previews the destination URL before opening it.
I got a DM on TikTok with a QR code asking me to verify my account — is it real?
No. TikTok does not send QR codes via DMs to verify accounts. This is a phishing scam designed to steal your login credentials. If you entered your password, change it immediately in the official TikTok app and enable two-factor authentication.
I scanned a QR code from TikTok and entered my payment info — what should I do?
Contact your bank immediately to report fraud and get a new card. Change any passwords you entered after scanning. Monitor accounts for unauthorized charges over the next 30 days. File a report at reportfraud.ftc.gov and report the TikTok video or account directly in the app.
