QR Code Scams on Facebook
Scammers post QR codes in Facebook ads, posts, and Messenger that lead to phishing pages or malware, hiding the destination behind a scannable image.
Part of: QR-Code Scams (Quishing)
Last reviewed: 1 June 2026
On Facebook, QR codes appear in ads promising deals, in posts advertising giveaways, and in Messenger chats offering to 'speed up' a payment or login. The image itself reveals nothing about where it leads, and scanning moves the rest of the interaction onto your phone.
Facebook is a neutral platform; the harm comes from the concealed destination. Scammers favour QR codes because a tappable link can be flagged or previewed, whereas a code hides its target and exploits the casual willingness to scan for a discount or a prize.
How this scam works on Facebook
A post, ad, or Messenger message presents a QR code to claim a discount, enter a giveaway, complete a payment, or log in to a 'verified' service. You are encouraged to scan it with your phone.
Scanning opens a phishing page mimicking a login or payment screen that harvests your details, or it triggers a malicious download. The scam may pose as a brand promotion or a friend's recommendation, especially via a hacked account.
The ease of scanning and the lure of a reward are designed to bypass the scrutiny you would give a visible link.
Common red flags
- A Facebook post, ad, or message presents a QR code to scan for a deal or login
- The code's destination is hidden behind the image
- You are promised a discount, prize, or faster payment for scanning
- Scanning opens a login or payment page requesting your details
- The code came from an unfamiliar page or a contact's possibly hacked account
- You are urged to scan quickly before an 'offer' expires
How to protect yourself
- Do not scan QR codes from Facebook ads, posts, or Messenger
- Reach services by typing their official address rather than scanning
- Preview a code's URL before opening it if your scanner allows
- Never enter credentials or payment details on a page reached from a scanned code
- Verify with a friend separately if a code seems to come from them
- Report the post or ad and block the account within Facebook
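For the "preview a code's URL" step above, this added example (not part of the original page) shows what to look for once a scanner displays the decoded address: it compares the host against the official domain you would otherwise type in. The function name `check_qr_url`, the domain `brand.example`, and all sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def check_qr_url(decoded, official_domain):
    """Return the reasons a URL decoded from a QR code should not be opened."""
    reasons = []
    try:
        parts = urlsplit(decoded.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ["not a well-formed URL"]
    if parts.scheme.lower() != "https":
        reasons.append("scheme is not https")
    if not host:
        return reasons + ["no host name"]
    # In https://brand.example@other.test/ the real host is other.test.
    if parts.username is not None:
        reasons.append("text before '@' is not the real host")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address")
    except ValueError:
        pass  # a normal DNS name
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("host uses punycode (possible look-alike characters)")
    # Accept only the official domain or a true subdomain of it.
    official = official_domain.lower().rstrip(".")
    if host != official and not host.endswith("." + official):
        reasons.append("host %s is not %s or a subdomain of it" % (host, official))
    return reasons

if __name__ == "__main__":
    # Constructed sample payloads, as a scanner preview might show them.
    samples = [
        "https://www.brand.example/giveaway",
        "https://brand.example.win-prize.test/login",
        "https://brand.example@login.test/pay",
        "http://203.0.113.7/login",
    ]
    for url in samples:
        print(url, "->", check_qr_url(url, "brand.example") or "no flags")
```

An empty result only means none of these checks fired; typing the official address remains the safer route.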
How to report it
- Use Facebook's 'Report' tool on the post, ad, or Messenger chat
- Report the impersonation to the brand being spoofed via its official site
- File a report with your national fraud or cybercrime reporting centre
Frequently asked questions
Is it safe to scan a QR code for a Facebook giveaway?
Be cautious. The code hides where it leads and may open a phishing or malware page. If the offer is genuine, you can reach it by typing the brand's official website. Avoid scanning codes from unfamiliar pages or unexpected messages.