QR code phishing

(also quishing)

QR code phishing is a social engineering attack that uses a QR code to trick people into giving up personal data such as financial details or login information.

QR code phishing examples

  • In China, scammers placed fake QR code parking tickets on illegally parked cars with instructions on how to pay via a mobile app.
  • In the Netherlands, a QR code scam imitated a legitimate feature of a well-known bank’s mobile banking app. Users who had sold things in the past were targeted and received a QR code that they were supposedly meant to scan to “confirm the payment.” The QR code linked all the users’ account information to the scammers’ devices.

Preventing QR code phishing

  • Think before you scan. Ask yourself if you know who put the QR code there and if you trust it. If something feels off, don’t scan it.
  • Inspect the QR code link. On iOS, you can open the associated link in a web browser. Inspect that link before proceeding to the site — if the domain doesn’t match the organization it claims to be from, something’s not right.
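
The domain check from the last tip, written out as an added example (not part of the original page): given the text a scanner decoded from a QR code and the domain you expect, it lists the reasons the link does not belong to that organization. The function name `check_qr_url` and the domains `bank.example` and `evil.test` are hypothetical, constructed values.

```python
from urllib.parse import urlsplit

def check_qr_url(payload: str, expected_domain: str) -> list[str]:
    """Return reasons the decoded QR link does not belong to expected_domain.

    An empty list means the host is expected_domain or one of its subdomains.
    """
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").rstrip(".")  # lowercased, port removed
        userinfo = parts.username
    except ValueError:
        return ["link cannot be parsed"]
    if parts.scheme not in ("http", "https"):
        return [f"not a web link (scheme {parts.scheme!r})"]

    findings = []
    expected = expected_domain.lower().rstrip(".")
    if parts.scheme != "https":
        findings.append("link is not HTTPS")
    if userinfo is not None:
        # https://bank.example@evil.test/ goes to evil.test, not bank.example
        findings.append(f"text before '@' is not the site; the host is {host!r}")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        findings.append("host uses non-ASCII or punycode labels (possible lookalike)")
    if host != expected and not host.endswith("." + expected):
        # Catches bank.example.evil.test, where the trusted name is only a prefix
        findings.append(f"host {host!r} is not {expected!r} or a subdomain of it")
    return findings

# Constructed sample payloads, as a QR scanner would hand them over as text.
SAMPLES = [
    "https://pay.bank.example/confirm?id=1",
    "https://bank.example.evil.test/login",
    "https://bank.example@evil.test/pay",
    "http://bank.example/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_qr_url(url, "bank.example") or "host matches")
```

An empty result only says the link points at the expected domain; the first tip, deciding whether you trust whoever placed the code, still applies.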


