V-Help
← All news
Security

How to Spot QR Code Scams: Protecting Yourself from Quishing

How to Spot QR Code Scams: Protecting Yourself from Quishing

Photo: ZDNet

Quick answer

Quishing is phishing using QR codes, enabling attackers to bypass MFA and steal data. Attacks have risen by 25% in a year, with criminals embedding malicious links in emails, PDFs, and physical carriers.

Cybercriminals are increasingly leveraging QR codes to execute phishing attacks, a tactic known as quishing. This method bypasses traditional security measures, including multi-factor authentication (MFA), granting attackers access to user accounts. According to a Hoxhunt report, such attacks have surged by 25% over the past year, with threat actors embedding malicious QR codes in emails, PDFs, and even physical media like posters and business cards.

The attack mechanism is straightforward: victims receive an email containing a QR code allegedly linking to a bank, social media, or corporate platform. After scanning the code, users are redirected to a fake website where they enter their credentials. Attackers then intercept this data to gain account access, steal information, or launch further attacks. The risk is amplified by the fact that QR codes are often scanned on mobile devices, allowing threat actors to bypass network-based security systems.

Microsoft experts note that the share of phishing campaigns using QR codes has risen from 10% to 30% in recent months. Google also warns of a surge in 'adversary-in-the-middle' (AITM) attacks, where quishing masks malicious links. To mitigate these threats, users should verify QR code sources, avoid scanning unverified codes, and use official company apps instead of following links from emails.

Quishing isn’t limited to digital channels—attackers place malicious QR codes on posters, billboards, and even business cards. Therefore, vigilance is critical not only in the online realm but also in real-world scenarios. If you receive a QR code from a bank or organization, access their official website directly or use a verified mobile app.

Common questions

What is quishing?
Quishing is a phishing variant where attackers use QR codes to redirect victims to fake websites. The goal is to steal credentials and bypass multi-factor authentication.
How do QR code attacks work?
Scammers send a QR code via email or an attached file. After scanning, the victim lands on a fake site where they enter their data, which is then intercepted by the attackers.
How can I protect myself from quishing?
Avoid scanning QR codes from untrusted sources. Verify the authenticity of websites linked by codes and use official company apps instead of email links.
Share:

Dzen feed: /feed/dzen.xml · RSS: /feed.xml

Why trust this

Prepared by the V-Help editorial team from the primary source with a published date.

Published by: V-Help.ru news desk

Source: ZDNet