I got a text or email asking me to scan a QR code to 'verify' my event ticket — is this safe?
Treat it with suspicion. Legitimate ticketing platforms don't ask you to scan a QR code from an unsolicited message to 'verify' a ticket you already hold — this pattern is commonly used to steal login credentials or payment details.
Last reviewed: 5 July 2026
Explanation
This is a form of quishing, or QR-code phishing, applied to event tickets. A message arrives claiming there's an issue with your ticket, a need to 'reconfirm' your seat, or a chance to 'upgrade' for free, and asks you to scan a QR code. The code leads to a fake login page that mimics the ticketing platform, capturing your username and password, or a fake payment page that captures card details under the guise of a small 'verification fee.'
QR codes are especially effective for scammers because phones often can't preview the destination URL the way a computer browser can, and many people have learned to distrust suspicious links in text but not yet learned the same caution around QR codes. Scammers also favor them because email spam filters that catch obvious phishing links sometimes don't scan the text hidden inside an image-based QR code.
Real ticketing platforms handle ticket verification within their own app or website, using your existing login — they don't send unsolicited QR codes by text or email that require you to 'reconfirm' or pay again for something you've already bought.
Common red flags
- Unsolicited text or email asking you to scan a QR code for a ticket you already purchased
- Message claims urgency, such as a ticket about to be cancelled unless you act
- QR code leads to a login page requesting your username and password again
- A 'small fee' is requested to 'reactivate' or 'confirm' a ticket
- Sender address or phone number doesn't match the platform's known official contacts
- Message contains generic greetings rather than your name and specific order details
What to do now
- Don't scan QR codes from unsolicited ticket messages — log into the official ticketing app or site directly instead
- Check your ticket status through the app you originally purchased from
- If you already scanned the code and entered credentials, change that password immediately and enable two-factor authentication
- If you entered payment details, contact your card issuer to flag possible fraud
- Report the message as phishing to the platform it claims to be from
- Delete the message and don't forward the QR code to others
Frequently asked questions
What is 'quishing'?
Quishing is phishing conducted through QR codes rather than clickable links. The QR code hides the destination URL, making it harder to spot a fake site before you land on it.
How do I check my ticket is genuine without scanning a suspicious code?
Log directly into the official ticketing app or website using a bookmark or a manually typed address, and view your order there. Never use a link or code sent in an unsolicited message.