Is a QR code at a concert or event venue safe to scan?
Usually yes if it is an official sign, but scammers sometimes place fake QR code stickers over legitimate venue codes to redirect you to phishing pages.
Last reviewed: 1 June 2026
Explanation
QR code sticker attacks ('quishing') occur when fraudsters print and stick fake QR codes over official ones in high-traffic locations such as event venues, museum displays, and public transport. At a venue the fake code may lead to a convincing fake merchandise shop or 'exclusive offer' page that harvests your card details. Warning signs include a QR code that is slightly misaligned, has a sticker texture different from the sign behind it, or leads to a URL that does not match the event's official domain. Before scanning any QR code at an event, check whether it looks physically authentic and preview the URL before opening it fully. If the URL looks unfamiliar, close it and visit the official event website directly.
Common red flags
- QR code appears to be a sticker placed over another surface
- Code is slightly misaligned or has a different texture to the sign beneath
- URL preview does not match the event's official domain
- Page asks for card details to access a 'special offer'
- Multiple QR codes in the same area with subtle differences
What to do now
- Check the QR code physically for sticker overlays before scanning
- Preview the URL before opening and verify it matches the official domain
- Access merchandise and offers directly through the official event website
- Report suspect codes to venue staff
Frequently asked questions
How do I preview a QR code URL before visiting it?
Most phone cameras show a URL preview before you tap to open it. Some QR scanner apps also show the full link first. Read the URL carefully before proceeding.