Can a QR code alone hack my phone?

Not usually. A QR code is just a URL. The danger comes from the website it leads to, which might attempt to steal your data or trick you into downloading malware.

Is it safe to scan QR codes in restaurants?

Generally yes, but check if the code is part of the original table print. If it's a loose sticker, it could have been placed there by an attacker.

How can I safely scan a QR code?

Use a QR scanner app that shows you a preview of the URL before opening it. Never enter your password or credit card info on a site you reached via a public QR code.

QR Safety

Verify suspicious QR codes before you scan.

QR code phishing, or 'Quishing,' is an increasingly common way for scammers to bypass traditional link filters. By embedding malicious URLs inside a QR code, they can lead you directly to a phishing site or malware download on your smartphone.

Security Insight

Public QR codes on parking meters, restaurant menus, and posters are frequently tampered with. Scammers simply stick a new QR code over the legitimate one to redirect payments or harvest login data.

Identifies 'Quishing' phishing sites

Spots fake Payment QR codes

Protects your mobile device

Analyze a QR Code Link QR Safety Guide

How to spot a QR Code Scam

A QR code is just a visual link. Watch out for these physical and digital red flags before scanning any code in a public or unsolicited context.

The 'Sticker Over' signal

If a QR code on a public sign (like a parking meter or bus stop) looks like a sticker placed over the original print, do not scan it.

QR Codes in Emails

Receiving a 'Security Alert' or 'Invoice' email that asks you to scan a QR code to resolve the issue. This is a common way to bypass desktop-based link scanners.

Unexpected 'Payment Required'

Scanning a menu or info code that immediately asks for your credit card details or a 'small fee' to view the content.

Automatic App Download

A QR code that leads directly to an '.apk' or '.ipa' file download instead of a standard website. This is a primary delivery method for mobile malware.

What IsThisSpam checks before you trust a sender

Quick verdicts are useful, but the real value is understanding why something looks safe, uncertain, or risky.

Mismatched Domain Names

When you scan a code, your phone shows a preview of the URL. If the URL doesn't match the brand or service you expect, cancel immediately.

URL Shortener usage

Scammers use bit.ly or tinyurl inside QR codes to hide the final destination. A legitimate business will almost always use their own branded domain.

High-Pressure urgency

Messages like 'Scan now to prevent account lockout' or 'Scan for your 90% discount' are used to panic you into scanning without checking.

Unusual geographic origins

The QR code leads to a domain registered in a high-risk country that has nothing to do with the local business you are visiting.

Related guides

Use the checker for the fast answer, then read the deeper guidance for recurring scam patterns.

URL Scam Checker

Broad guide for identifying deceptive links and domains.

Read the guide

Link Safety Checker

Learn how to verify the safety of any link before clicking.

Read the guide

FAQ

These are the questions people usually ask right before they click, reply, or pay.

Got a screenshot or attachment? Our AI can analyse it.

Free scan first, deeper analysis when you need it

Check the sender before you trust the message.

Start with a fast scan, then move to SuperScan when the message involves money, account access, or sensitive documents.

Analyze a QR Code Link QR Safety Guide