- QR codes are the new creative gateway for cybercriminals
- 26 million may already have been at risk of becoming victims
- Tips to stay safe include keeping your phone updated
Have you scanned a QR (Quick Response) code recently? Then you might want to take a second look at the black-and-white pixel matrix, as there is a significant chance that you may have already been unwittingly lured into a QR code or ‘quishing’ scam, warns NordVPN.
QR codes are everywhere. Since their debut over 20 years ago, a growing number of services – such as paying for parking, picking up packages, ordering concert tickets or ordering pizza – have increasingly relied on these versatile 2D barcodes.
Cybercriminals have also recognized their potential and have increasingly used so-called ‘quishing’ as a method of financial fraud and data theft. Alarming data from TechRadar’s top-rated VPN suggests that many of us may have already fallen victim. In fact, as many as 26 million people could have been lured into a phishing scam by clicking on a malicious QR code.
It’s a trap!
Over the years, retailers, financial institutions and marketers have replaced traditional barcodes with QR codes, with the advantage that they can store large amounts of data and instantly link users to websites, apps or digital content when scanned with a smartphone.
However, fraudsters have also integrated them into both physical and digital fraud, boosted by AI to make these attacks faster and more effective.
Marijus Briedis, CTO at NordVPN, explains: “Unlike traditional phishing emails, where people have learned to see the warning signs, a physical QR code seems inherently trustworthy.”
As a result, fraudsters have increasingly taken advantage of a malicious e-commerce technique called ‘brushing’. This involves sending unexpected packages with cryptic notes urging recipients to scan a QR code to learn more, only to be redirected to phishing websites.
Unlike traditional phishing emails, a physical QR code seems inherently trustworthy
Marijus Briedis, NordVPN’s CTO
NordVPN warns that real-life examples include Amazon appearing to have sent packages that were never ordered with a QR message encouraging recipients to claim non-existent rewards as part of larger fraud operations.
Previous quishing scams also involved fake payment QR codes placed in parking lots where victims unwittingly ended up sending money to criminals.
One particularly emotionally manipulative scam tricks victims into scanning QR codes by convincing them that doing so will provide proof that their partner is cheating on them.
Because QR codes are so versatile for creative scam tactics, their use in fraud has skyrocketed. According to reports from cyber security experts at KepNet, 26% of all malicious links are now embedded in QR codes.
NordVPN has been at the forefront of the fight against fraud, bolstering its Threat Protection Pro features – including email protection that scans links for phishing threats, as fraud blocking remains its top priority in 2026. Last week, the VPN provider blocked 92% of malicious websites in tests conducted by AV-Comparatives.
How to stay safe?
Although important for protecting your data, a virtual private network (VPN) will not prevent you from scanning for malicious code yourself. Although studies show that Brits are actually pretty good at spotting phishing scams, NordVPN encourages us to remain vigilant by following some easy preventative steps.
Briedis’ advice is clear: “Treat any unexpected QR code with the same suspicion as you would a link from an unknown sender in your inbox.”
Before scanning a QR code, make sure you know who sent it and verify that the company requesting the scan is trustworthy.
Since most smartphones allow you to view links, check if the URL looks unusual or suspicious.
Keep your security measures activeincluding VPN protection, and be wary of QR codes found in unusual ways or places.
And if this is old news to you, be sure to share it with anyone who isn’t aware: after all, one user a day might just keep these scammers at bay.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
