Cybersecurity
Stop QR Code Phishing (Quishing) Attacks
A quick defense guide for malicious QR codes in emails, posters, menus, and fake login prompts.
Recognize risky QR contexts
Attackers place QR codes where urgency or convenience is expected.
Common examples include fake invoices, parking tickets, and account re-verification prompts.
Action checklist
- Question unexpected payment or login QR prompts.
- Inspect physical stickers for tampering.
- Treat email QR codes as potentially suspicious.
Preview destination before opening
Most phones let you preview destination links before launching browser.
Validate domain spelling and brand legitimacy first.
Action checklist
- Use preview mode before opening URL.
- Check domain for typos and lookalikes.
- Avoid entering credentials on unknown mobile pages.
Verify through official channels
If a QR action concerns payments or account access, verify independently.
Use official apps or manually typed domains.
Action checklist
- Open official app instead of scanning unknown code.
- Call known support number if request is unusual.
- Do not rely on contact details shown in suspicious message.
Report and block scam attempts
Rapid reporting helps protect coworkers, friends, and family.
Capture evidence and submit to your organization's reporting process.
Action checklist
- Take screenshot of suspicious QR source.
- Report to internal security/support team.
- Block sender or source channel.