Are QR Codes Safe? What to Know Before You Scan

A QR code is just a way to store text — most often a web link. The code can’t run anything by itself. The risk isn’t the square pattern; it’s where it sends you and what you do next.

How QR scams (“quishing”) work

Scammers print a QR code that leads to a fake login page or a malware download, then stick it over a legitimate one — on a parking meter, a restaurant table, a poster. You scan, land on a convincing copy of a real site, and type in a password or card number.

Habits that keep you safe

• Read the URL before opening it. Good scanners — including our online scanner — show you the full link first. Check the domain matches who you expect.
• Be suspicious of stickers. A QR sticker placed over existing signage is a classic tamper sign.
• Never enter passwords or payments on a page you reached only via an unexpected QR code. Navigate to the site yourself instead.
• Watch for urgency. “Your account will be closed” pressure is a scam hallmark, QR or not.
• Keep your phone updated so the browser’s protections are current.

What’s genuinely low-risk

Scanning to join Wi-Fi, add a contact, open a maps pin, or view a menu is low-risk — the scanner shows you exactly what the code contains before anything happens. Our scanner decodes everything on your device, so the code’s contents are never sent to a server.

Make your own trustworthy codes

Codes you generate here are static — the link is encoded directly with no tracking redirect that could later be repointed somewhere malicious. Create one with the QR code generator, or curious about the technology? Read QR code vs barcode.