QR Codes Scams

11th April 2025

QR phishing, also known as "quishing," involves cybercriminals using QR codes to trick users into visiting malicious websites or downloading malware, often disguised as legitimate offers or requests. These scams can lead to financial loss, data breaches, and identity theft.

How Quishing Works:
Fake QR Codes:
Scammers create fake QR codes that, when scanned, redirect users to fraudulent websites.

Distinguished Lure:
These codes are often placed in emails, social media posts, or even on physical objects like stickers on parking meters or restaurant menus.

Phishing Websites:
The malicious websites mimic legitimate services, asking users to enter sensitive information like login credentials or credit card details.

Malware Downloads:
Some QR codes can also prompt users to download malware-infected apps.

Protecting Yourself:
Verify the URL:
Before scanning a QR code, carefully examine the URL it redirects to. Is it the official website of the company you expect?.

Use Caution with Scanners:
Be cautious about using QR code scanners downloaded from app stores. Consider using the built-in scanner on your phone.
Be Wary of Unsolicited Scans:
Don't scan QR codes from sources you don't trust or if the offer seems too good to be true.

Look for Red Flags:
Be wary of websites with typos, low-quality images, or a lack of secure connection (HTTPS).

Report Suspicious Activity:
If you encounter a suspicious QR code or are the victim of a scam, report it.

Examples of Quishing:
Email Scams:
Scammers embed QR codes in emails, asking users to scan them to access important documents or information.

Online Coupons:
Fake QR codes are used to redirect users to phishing sites posing as legitimate online coupon offers.

Parking Meters:
Scammers may attach fraudulent QR codes to parking meters, directing drivers to fake payment sites.

Restaurant Menus:
Fake QR codes may be placed on restaurant menus to redirect customers to phishing pages.