How do I tell if a QR code is safe before scanning?

The five-second check covers context (does the code make sense in this location), physical inspection (printed on material vs sticker applied over another code), URL preview (does the domain match the expected organization), what the destination asks for (unexpected credential requests are a red flag), and independent verification (navigate to the site directly if uncertain).

What does a safe QR code URL preview look like?

A safe URL preview shows a domain that matches the organization you expect — paypal.com for a PayPal payment page, talkingqrcodes.com for a talking QR player, mcdonalds.com for a McDonald's menu. Lookalike domains with number substitutions, hyphenated additions, or misspellings indicate potential fraud.

Is a sticker QR code always unsafe?

Not always, but sticker codes warrant more scrutiny than directly printed codes. A sticker code on a legitimate business's material is likely safe. A sticker applied over a printed code on a public fixture — parking meter, ATM, official signage — is a known fraud vector and should be reported to the managing authority.

What should I do if a QR code asks for credentials unexpectedly?

Do not enter any information. Close the browser. Navigate to the organization's official website independently by typing the URL to verify whether a login is legitimately required. Report the suspicious code placement to the business or authority managing the location.

How to Tell If a QR Code Is Safe Before Scanning — The 5-Second Check

Most QR codes are safe. The ones that are not safe are identifiable before scanning with a five-second check that requires no technical knowledge — just attention to context and URL awareness.

The 5-Second QR Code Safety Check

Step 1 — Context:

Step 2 — Physical inspection: Is the code printed on the material or applied as a sticker over another code? Run your finger over the code. A raised edge, a visible sticker border, or a code that does not match the surrounding print material quality indicates potential tampering. Applied stickers on official surfaces are the primary attack vector for QR code fraud.

Step 3 — URL preview: After your phone camera reads the code, a URL preview appears before navigation completes. Does the domain name match the organization you expect? Is it the real domain — paypal.com — or a lookalike — paypa1.com, paypal-secure.com? If the preview URL looks wrong, do not tap through.

Step 4 — What it asks for: After scanning, does the page immediately ask for login credentials, payment information, or personal data? A legitimate QR code destination at a restaurant shows a menu. At a parking meter it shows a payment interface you recognize. Unexpected credential requests on any QR code destination are a red flag regardless of how legitimate the page looks.

Step 5 — Independent verification: If uncertain, navigate to the organization's website independently by typing the URL in the browser rather than following the QR code link. A legitimate destination can be reached either way.

Talking QR Codes Pass the Safety Check

A talking QR code passes every step of the safety check — the context is a physical business placement, the URL preview shows members.talkingqrcodes.com, the destination plays a voice message and displays the business name and official website without requesting credentials or payment information.

The 5-Second QR Code Safety Check

Talking QR Codes Pass the Safety Check

Ready to Make Your QR Code Talk?