QR code phishing
QR code phishing definition
QR code phishing is a social engineering attack that uses a QR code to trick people into giving up personal data, such as financial details or login information.
QR code phishing examples
- In China, scammers placed fake QR code parking tickets on illegally parked cars with instructions on how to pay via a mobile app.
- In the Netherlands, a QR code scam faked a legitimate feature of a well-known bank’s mobile banking app. Users who had sold things in the past were targeted: they received a QR code that they were supposedly meant to scan to “confirm the payment.” The QR code linked all the users’ account information to the scammers’ devices.
Preventing QR code phishing
- Think before you scan. Ask yourself if you know who put the QR code there and if you trust it. If something feels off, don’t scan it.
- Inspect the QR code link. On iOS, you can open the associated link in a web browser. Inspect that link before proceeding to the site — if the domain doesn’t match the organization it claims to be from, something’s not right.
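
The domain check described in the last tip can be automated once a QR code has been decoded to a URL string. The following is an added example, not part of the original page: the function name `inspect_qr_link`, the domains `bank.example` and `evil.test`, and the sample links are all constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def inspect_qr_link(url, expected_domain):
    """Return the reasons a decoded QR link does not match expected_domain."""
    findings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")   # hostname is already lowercased
    expected = expected_domain.lower().rstrip(".")

    if parts.scheme != "https":
        findings.append("scheme is not https")
    if parts.username is not None:
        # In https://bank.example@evil.test/ the real host is evil.test
        findings.append("text before '@' is not the site name")
    if not host:
        findings.append("no host in link")
        return findings
    try:
        ipaddress.ip_address(host)
        findings.append("host is a raw IP address")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("host contains a punycode label")
    # The organization's domain must be the right-hand end of the host,
    # matched on whole labels: pay.bank.example passes, notbank.example does not.
    if host != expected and not host.endswith("." + expected):
        if expected in host:
            findings.append("expected domain appears in host but does not own it")
        else:
            findings.append("host does not belong to expected domain")
    return findings

# Constructed sample links, as they might be decoded from a QR code.
SAMPLES = [
    "https://pay.bank.example/confirm?id=1",
    "https://bank.example.evil.test/confirm",
    "https://bank.example@evil.test/confirm",
    "http://203.0.113.7/pay",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", inspect_qr_link(link, "bank.example") or "matches")
```

An empty result only means the host belongs to the expected domain; it says nothing about whether the page behind the link is safe.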