Uber Eats QR Code Scam: What It Is and What to Do

The three Uber Eats QR code scams

1. Customer phishing — fake failed delivery or account suspension

You receive a text or email claiming your Uber Eats account has been suspended, a recent delivery could not be confirmed, or your payment method needs to be updated. The message urges you to scan a QR code to "re-confirm your address," "restore access," or "fix a declined payment." Scanning opens a convincing Uber Eats login lookalike that captures your email, password, and sometimes your saved payment details in seconds.

Uber Eats never contacts customers by text with a QR code to verify accounts or recover deliveries. All order status updates, receipts, and support tickets are handled entirely within the Uber Eats app or at uber.com. If you receive one of these messages, go directly to ubereats.com and log in there — never through a QR code or link sent by text.

2. Free order promotion scam — fake bonuses and referral codes

Fraudsters advertise "free first order," "$25 credit," or "Uber One upgrade" promotions via QR codes on social media, flyers near universities, or stickers on restaurant windows. Scanning takes you to a page that asks you to log in to "activate the offer" — harvesting your account credentials and any stored payment method. No credit ever arrives because there is no real promotion.

Real Uber Eats promotions are applied automatically inside the app or through a verified promo code you enter at checkout. Uber never requires you to scan an external QR code to unlock a discount.

3. Driver-targeting scam — fake restaurant pickup codes

This variant targets Uber Eats delivery partners. Fraudsters contact drivers through unofficial channels or create fraudulent listings, then send a QR code claiming to be a "special order pickup confirmation," a "restaurant voucher," or a "route verification code." Scanning takes the driver to a phishing page or downloads a fake Uber Eats driver app designed to steal account credentials and direct-deposit banking details.

Legitimate Uber Eats delivery flows — pickup notifications, order details, and restaurant check-in — all happen inside the official Uber Driver app. No external QR code is ever required to accept or complete a delivery. If you receive one of these codes as a driver, do not scan it and report it through the Uber Driver app's support channel immediately.

Why Uber Eats never uses QR codes this way

Uber Eats' entire delivery workflow — order placement, driver dispatch, real-time tracking, delivery confirmation, and support — is contained within the Uber Eats app. When Uber Eats needs to contact you about your account or a delivery issue, it uses verified push notifications and emails from uber.com addresses.

There is no step in any legitimate Uber Eats customer or driver flow that requires scanning an externally supplied QR code. That is the tell: any QR code arriving by SMS, WhatsApp, or from a contact outside the app is operating entirely outside Uber's verified systems.

What to do right now

1. If you entered your Uber Eats login, go to ubereats.com or open the Uber Eats app immediately, change your password, and sign out of all active sessions. If you use the same password for your Uber rideshare account, change that too.
2. If you entered card or bank details, call your card issuer right away, report the information as compromised, request a new card number, and ask about reversing any pending or unauthorized charges.
3. Report to Uber Eats. Open the app, go to Help, and report the fraudulent QR code. If a driver was involved, include the order number so Uber can investigate the account.
4. File an FTC complaint at reportfraud.ftc.gov. This creates a formal record and contributes to fraud-pattern tracking that helps protect other customers and drivers.
5. Report to the FBI's IC3 at ic3.gov if you lost money or significant personal data was exposed.
6. Save evidence. Screenshot the QR code, any pages it opened, and all messages you received. You will need these for your bank dispute and any law enforcement report.

How to protect yourself going forward

• Manage your Uber Eats account only inside the app or at ubereats.com. Never log in through a QR code or link received by text or email.
• Scan unfamiliar QR codes with QRsafer first. QRsafer previews the destination URL against threat databases before you open it. If the link does not resolve to an official uber.com or ubereats.com domain, it will flag the risk before any page loads.
• Enable two-factor authentication on your Uber account. Even if a scammer captures your password, two-factor authentication blocks access without your confirmation code.
• Access promotions only through the app. Real Uber Eats promos appear in the "Promos" tab inside the app — never through an external QR code in a text or on a flyer.

Frequently asked questions