QR Code Phishing

QR Code Phishing Definition
QR code phishing (also called “quishing”) is a type of cyberattack that relies on malicious QR codes. It tricks the unsuspecting victim into visiting a malicious website or downloading malware. Like many other types of phishing attacks, QR code phishing aims to steal personal information, such as financial data or login credentials.
How QR Code Phishing Works
The attacker creates a QR code that leads to a malicious webpage. They then share this QR code through various means — social media posts, phishing email attacks, ad banners, printed flyers, stickers, posters, and more. The attacker uses social engineering methods to make the QR code look legitimate and get people to scan it. When a target scans the QR code, it opens the malicious webpage. The victim can then interact with webpage elements and potentially share personal information or unknowingly install malware on their device.
Signs of QR Code Phishing
- Suspicious URL: Reveals a misspelled site name (like “arnazon.com”), homographs, unusual domains (“.xyz”), or random strings of text.
- Physical tampering: Appears as a QR code sticker placed over another code on a legitimate-looking poster or flyer.
- Sense of urgency: Demands immediate action with phrasing such as “Claim now,” “Verify your info immediately,” or “Urgent payment.”
- Sensitive information: Asks for information like login credentials, full name, address, or credit card details.
- Unexpected context: Shows up on unsolicited emails, random flyers or posters, ad banners, or pop-up pages that resemble a legitimate site.
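The "Suspicious URL" sign above can be checked mechanically on the URL a scanner decodes, before anything is opened. The following is an added example, not code from the original page; the brand list, flagged TLDs, lookalike pairs, and thresholds are assumptions chosen for illustration.

```python
import math
from collections import Counter
from urllib.parse import urlsplit

# Assumed for this example: brand list, flagged TLDs, lookalike pairs, thresholds.
KNOWN_BRANDS = ("amazon", "paypal", "microsoft")
UNUSUAL_TLDS = {"xyz", "top", "click"}
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())


def url_warning_signs(url):
    """Return the suspicious-URL signs found in a decoded QR payload."""
    if "://" not in url:
        url = "//" + url  # let urlsplit see a host in scheme-less payloads
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return ["no-hostname"]
    labels = host.split(".")
    signs = []
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        signs.append("homograph")  # non-ASCII or punycode label
    if labels[-1] in UNUSUAL_TLDS:
        signs.append("unusual-tld")
    for label in labels[:-1]:
        normalized = label
        for fake, real in LOOKALIKES:
            normalized = normalized.replace(fake, real)
        for brand in KNOWN_BRANDS:
            if label != brand and (normalized == brand or edit_distance(label, brand) == 1):
                signs.append("misspelled:" + brand)
        if len(label) >= 12 and sum(c.isdigit() for c in label) >= 3 and entropy(label) > 3.5:
            signs.append("random-string")  # rough heuristic for generated labels
    return signs
```

An empty result only means none of these particular signs were found; the context and tampering signs in the list still apply.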
QR Code Phishing Prevention
- Ignore any QR codes from unexpected emails, messages, flyers, ads, or unfamiliar locations.
- Check for layered stickers, peeling edges, or poor print quality.
- Use a secure scanner app that shows the URL without automatically opening it.
FAQ
Recognizing QR code phishing mostly depends on the context. A physical QR code used for phishing can be a sticker pasted over a legitimate code or a code posted in an unexpected place. A digital malicious QR code could be in an ad banner, an unsolicited email, or a pop-up page.
QR codes themselves aren’t inherently insecure, but cybercriminals can exploit them for phishing attacks. Unlike a written URL, it’s difficult to determine where a QR code leads without scanning it. Using an app that displays a scanned QR code’s full URL can help avoid QR code phishing.
The QR code typically opens a webpage that aims to collect unsuspecting visitors’ data. Just close the page, and don’t type in or click anything if prompted. If the QR code initiates a download, cancel it. If it leads to an app store and prompts you to install an app, decline.
