QR Code Phishing – or Quishing!

In recent times, we’ve seen a significant surge in QR code phishing attacks, commonly known as “Quishing”.  These attacks are particularly insidious because they often bypass traditional safe-link protections and target high-value individuals such as corporate executives.

Take a moment to understand the threat and share with your friends and colleagues.

Understanding the Threat

QR codes have become ubiquitous, especially since the pandemic, as they offer a contactless way to share information.  However, this convenience also presents a new attack vector for cybercriminals – a QR code phishing attack.  In the last quarter of 2023, there was a notable jump in QR code phishing, with top executives seeing 42 times more phishing attacks using QR codes compared to the average employee.

Attackers embed malicious links within QR codes, which, when scanned, can redirect users to credential-harvesting websites or even initiate malware downloads.

Bypassing Safe-Link Protection

One reason QR code phishing is so effective is that it can evade email security products.  Since QR codes are images, they don’t trigger the same scrutiny as a typical hyperlink in an email.  Attackers can also place these malicious QR codes in physical spaces, completely sidestepping digital security measures.

This method exploits users’ inherent trust in QR codes and their convenience.

How to Stay Vigilant and Safe

To protect yourself from these sophisticated attacks, here are some simple steps you can take:

  1. Be Cautious with Unsolicited QR Codes:  If you receive a QR code unexpectedly, especially if it’s not from a trusted source, be wary of scanning it.
  2. Verify the Source:  Always check the authenticity of the QR code’s source.  If it’s from an email, verify the sender’s address.
  3. Use Secure QR Code Scanners:  Some apps provide a preview of the URL linked to the QR code.  Use these to check where the code leads before scanning.
  4. Keep Your Devices Updated:  Regular updates to your phone’s operating system and apps can protect against known vulnerabilities.
  5. Educate Yourself and Others:  Awareness is key.  Learn about the latest phishing tactics and share this knowledge with colleagues and friends.


As QR codes continue to be a part of our daily lives, it’s crucial to stay informed and cautious.  By understanding the risks and taking proactive measures, we can safeguard our personal information and maintain our digital security in the face of evolving cyber threats.

QR code phishing is a real threat.  Remember, vigilance is our best defence against these hidden dangers lurking in plain sight.



Fast friendly IT support.
We’re here to help.

Talk to us about your business challenges.

Contact Us