Is "qr code on restaurant menu sent me to a weird site" a scam?

Question

Is "qr code on restaurant menu sent me to a weird site" a scam? How do I know, and what should I do?

Accepted Answer

Yes — this matches a known scam pattern. Scammers paste fake QR codes over real ones on parking meters, EV chargers, restaurant menus, and shipping labels. Scanning the fake code opens a convincing payment page that steals your card details — or installs a malicious app prompt. Red flags: The QR code is a sticker pasted over another (often look closely — you'll see the edge) • The page after scanning asks for credit card details, account login, or to download an app • URL after scan is unusual ('paypaay.com', 'parkin-pay.io', shortlinks) • Page does not match the merchant's known brand • Code is in a high-traffic outdoor location: parking meter, public charger, package on porch. What to do: Look at the QR code before scanning. If it's a sticker on top of another sticker or label, do not scan • When the URL appears, check it against the merchant's known domain BEFORE entering anything • For parking: use the city's official app (Park Mobile, MeterUp, etc.) installed beforehand — not a QR code on the meter • If you entered card info on a fake page, dispute the charges with your card issuer and replace the card • Report to the FTC at https://reportfraud.ftc.gov and the FBI's IC3 at https://www.ic3.gov.

Is “qr code on restaurant menu sent me to a weird site” a scam?

How to tell

What to do right now