Guides
How to scan a QR code safely on iPhone
Scan QR codes on iPhone the safe way — preview the full URL before opening, spot "quishing" phishing scams, and use a scanner with history and Wi-Fi join instead of paying a weekly subscription.
Last updated June 8, 2026
Direct answer
Point the camera at the code, then read the full destination URL before tapping. If the domain looks wrong, the code was unexpected, or the page asks you to log in or pay, close it and go to the real site yourself. The safest scanners preview the expanded link and keep a history you can check later.
Why “just point the camera” is not always enough
A QR code is opaque — the link is hidden in the pixels, so you cannot judge it the way you would a typed-out web address. Attackers exploit that. Quishing (QR + phishing) puts malicious codes on parking meters, fake parcel-delivery slips, café table tents, and email attachments. The code opens a spoofed login or payment page, and by the time you see it, you have already tapped through.
The built-in iPhone Camera shows a small domain banner, but it is easy to tap by reflex, and it does not warn you about link shorteners or look-alike domains. Reading the full expanded URL first is the single habit that prevents most QR scams.
Safe scan checklist
| Situation | Safe move |
|---|---|
| Code in a public place (meter, poster, flyer) | Treat as unverified. Read the full URL before opening. |
| ”Delivery failed — rescan to reschedule” | Almost always a scam. Go to the carrier’s app or site directly. |
| Page asks you to log in or pay right after scanning | Stop. Navigate to the real site yourself; never enter credentials from a QR link. |
| Shortened or unfamiliar domain | Expand it first. If your scanner can’t, don’t open it. |
| Wi-Fi QR code at a hotel or café | Generally safe — it only joins a network, it doesn’t open a page. |
Scan QR codes with a safety preview — free, no subscription.
Swarmval QR Scanner shows the full URL before you open it, flags suspicious links, keeps a scan history, joins Wi-Fi, and reads barcodes too. Free unlimited scanning, no weekly trap.
FAQ
Is it safe to scan random QR codes? +
Not always. QR phishing — "quishing" — hides a malicious link behind the code. You cannot see where it goes until you tap, so scan with a tool that shows the full URL first, and never enter passwords or payment details on a page you reached from an unexpected code.
What is quishing? +
Phishing delivered through a QR code — on fake parking meters, fake delivery notices, table tents, and email attachments. The code leads to a spoofed login or payment page. It has grown sharply since 2023 because the destination is invisible until scanned.
Does the iPhone Camera show the link first? +
It shows a small domain banner, but it is easy to tap through by reflex and it does not warn about shorteners or look-alike domains. A dedicated scanner can show the full expanded URL and flag suspicious links before you open anything.
Do I need to pay for a QR scanner app? +
No. The built-in Camera scans QR codes free. Swarmval QR Scanner adds safety previews, history, Wi-Fi join, and barcode support — also free, with no weekly subscription. Many App Store QR scanners charge $4.99–$9.99 per week for the same features.
Related pages
- QR Scanner for iPhone
- Password Generator — strong, on-device passwords
- Authenticator (2FA) for iPhone
- All Swarmval apps
Steps
-
Step 1
Open your scanner and frame the code
Point the iPhone Camera (or QR Scanner) at the code from 6–12 inches away. Good light and a steady hand help it lock on instantly.
-
Step 2
Read the full URL before you tap
Look at the link the code resolves to. Check the real domain — is it the company you expect, or a look-alike like "app1e-pay.com"? Be wary of link shorteners that hide the destination.
-
Step 3
Stop if anything feels off
Unexpected code in a public place, a "your package failed" notice, or a request to log in or pay? Close it. Legitimate businesses rarely force a login through a random QR code.
-
Step 4
Only enter details on a verified site
Never type a password, card number, or 2FA code on a page you reached from an unsolicited QR code. Navigate to the company's site directly instead.
-
Step 5
Keep a history you can audit
Use a scanner that logs what you scanned. If a code later turns out to be malicious, you can see exactly where it pointed and what you opened.
Frequently asked questions
Is it safe to scan random QR codes?
Not always. QR phishing — called quishing — hides a malicious link behind the code, and you cannot see the destination until you tap. Scan with a tool that shows the full URL first, and never enter passwords or payment details on a page you reached from an unexpected code.
Does the iPhone Camera show the link before I open it?
The Camera app shows a small banner with the domain, but it is easy to tap through by reflex and it does not warn about shorteners or look-alike domains. A dedicated scanner can show the full expanded URL and flag suspicious links before you open anything.
What is quishing?
Quishing is phishing delivered through a QR code — on fake parking meters, fake delivery-failure notices, restaurant table tents, and email attachments. The code leads to a spoofed login or payment page. It has grown sharply since 2023 because the link is invisible until scanned.
Do I need an app to scan QR codes on iPhone?
No — the built-in Camera scans QR codes since iOS 11. An app is worth it for safety previews of unknown links, scan history, Wi-Fi auto-join, and barcode formats the Camera ignores. Swarmval QR Scanner does all of that free, with no weekly subscription.