- QR phishing, also known as quishing, is a rising scam where attackers try to trick you into scanning fake QR codes
- Cyber criminals can target your personal data, login credentials, bank accounts or try to infect your smartphone with malware
- These QR codes are found everywhere, from parking spaces to museums
You may be used to receiving scam -e emails or texts, but did you know that you can also be scammed through a QR code? This increasingly common form of scam is called quishing – and it has spread quickly again recently.
According to CNBC73% of Americans have scanned a QR code without verifying that the source link was secure and NordVPN has discovered that 26 million have been directed to malicious sites as a result.
In the UK, Action -Svig (National Reporting Center for Fraud and Cyber Crime) in the UK recently revealed that £ 3.5 million had been lost for quishing fraud in the year led to April 2025.
These scams QR codes are used for everything from sending fake payment links to installing malware on your phone. Here’s everything you need to know about the latest quishing attacks and how to protect yourself from them.
What exactly is Quishing?
Quishing is a form of phishing performed completely via a QR code. While it wasn’t so widespread just a few years ago, it skyrocketed under the pandemic when QR codes became more than just a fun little tense.
Over the past few years, QR codes have permeated the fabric in our daily lives. We see them everywhere, from TV commercials to restaurant menu or flyers. Unfortunately, QR codes are in itself opaque. It’s hard to verify how safe a link is with a moment, making these codes easy to manipulate.
The way it works is shockingly simple. Whether the scam QR code appears in an E email or elsewhere, it is always accompanied by something that makes you scan it. Payment transcripts, medical forms or product information are common goals. When you scan the code and click through, you will be taken to the next part of the scam, which is either a site or a script that installs malware in your phone.
Unfortunately, if the code has been manipulated with, the target site is a scam. At best, it steals no matter how much you try to pay for parking; At worst, it can compromise on your phone or your banking legislation information information.
Are QR codes in public places secure to use?
While QR codes found in restaurants or museums act as a safe effort, this is not always the case – no longer.
Unlike phishing emails, QR codes have a strong effect in the real world. It is far too simple for threat actors to manipulate legitimate codes found in public spaces. That said, the threat is much greater on open public spaces rather than indoors.
In a parking space, for example, scammers replace the sticker on the parking meter and lead people to a legitimate looking site where they can pay their parking bill. The same can be done with posters or flyers found almost everywhere.
It is important to remember that this is not niche and it can happen to anyone. Keepnet Labs Found that QR codes are an increasingly common medium to send phishing -links where as many as 26% of all malicious links are delivered that way.
How to remain safe
Quishing, like all other forms of fraud, depends on creating a sense of urgent nature. Whether it is an exciting offer or a serious payment reminder, quishing scammers will have you to scan the code and continue without asking questions. Therefore, the best way to stay in safety is to be vigilant and take your time.
Let’s say you received a QR code embedded in an email that tells you to secure your account, activate Multifaktor approval or get a discount code. Don’t trust it right away – it can be a scam. Even a legitimate looking email address may not mean that you are in the clear, as scammers can hijack accounts to send these QR codes.
To remain in safety, do not take any unexpected e -mail to face value. If a service tells you that your account has been compromised, do not scan any codes in that e email. Instead, go to the site or app directly and change your login credentials there without interacting with the content of the E email.
When facing QR codes in places where they might have been manipulated with, it’s better to take your time instead of scanning the code quickly. In a parking lot, do not scan the code – go directly to the address. Only QR codes that are physically impossible for scammers to replace are safe.
If you scan a QR code, make sure you never provide any personal information or login -credentials. It is always better to fail on the side of caution. Before you follow the link to any site, look carefully and compare it to what you know as the right appointment.
QR codes definitely make our lives easier, but unfortunately, the more widespread they are, the probable ones they should be targeted by scammers. It’s never a bad idea to invest in one of Best Android Antivirus -Apps To protect your phone from hackers.
