Think before you scan: "Quishing" scams are spreading fast
- Replies 0
What started as a helpful tool for menus and parking meters has quietly become a new way for scammers to strike.
Those black-and-white QR codes that seem to be everywhere now—on flyers, receipts, and even packages—aren’t always what they seem.
With one quick scan, you could unknowingly hand over your personal information or compromise your phone.
And unlike suspicious links in emails, these codes can be hard to detect.
If you regularly use QR codes, there are some important things you need to know.
QR codes took off during the pandemic as a contactless way to share information and make payments.
But as they’ve become part of everyday life, cybercriminals have found ways to use them for fraud.
According to Dustin Brewer, a cybersecurity expert at BlueVoyant, “They’re simultaneously useful and dangerous” because they appear in so many public places—gas stations, restaurant tables, and even utility bills.
The scam works like this: someone prints a fake QR code and places it over a real one—often on something like a parking meter or package.
When scanned, the code redirects you to a malicious site that may steal your personal data or download malware onto your phone.
The Federal Trade Commission (FTC) has even warned about fake QR codes showing up on deliveries.
Traditional phishing emails are becoming less effective, thanks to better filters and more cautious users.
In response, scammers are shifting to QR codes—what experts now call “quishing.”
One study by KeepNet Labs found that 26% of malicious links are now sent via QR code.
Even more alarming, a report from NordVPN found that 73% of Americans scan QR codes without checking where they lead, and more than 26 million people have already ended up on malicious sites.
Scammers often count on you being in a rush—trying to pay quickly or get information fast.
That urgency is part of what makes this tactic so successful.
It’s not just the tech-shy.
In fact, iPhone users are more likely to trust QR codes than Android users—70% vs. 63%, according to Malwarebytes.
That trust can make them more likely to scan a bad code without hesitation.
Even organizations are taking precautions.
The Children’s Museum of Indianapolis now uses QR codes with unique branding and colors, and they regularly inspect them for tampering.
But even branded codes can be faked, so no one is completely safe.
Here’s what a typical “quishing” scam looks like:
QR codes don’t show you where they lead unless your phone previews the link.
And even if a short URL appears beneath the code, scammers can fake that too.
Since QR codes are cheap and easy to produce, it’s a low-cost, high-reward strategy for criminals.
Security experts have even warned that some state-sponsored hackers are using QR codes to compromise sensitive systems.
That alone speaks to how serious this issue is becoming.
You don’t have to avoid QR codes completely—but you do need to be smart about using them. Here are a few steps you can take:
Researchers are working on ways to build security into QR codes themselves—adding watermarks, branding, or tracking features to make tampering easier to detect.
But until that becomes the norm, personal caution is still the best line of defense.
Read next: 1.8 billion at risk: New email threat raises security concerns. Are you protected?
Have you encountered a suspicious QR code before? Whether it was a near miss or a helpful lesson, your story could help others stay safe. Share your experience in the comments and let’s keep each other informed!
Those black-and-white QR codes that seem to be everywhere now—on flyers, receipts, and even packages—aren’t always what they seem.
With one quick scan, you could unknowingly hand over your personal information or compromise your phone.
And unlike suspicious links in emails, these codes can be hard to detect.
If you regularly use QR codes, there are some important things you need to know.
QR codes offer convenience—but they can also be a hidden entry point for scams. Image source: Pexels / Kampus Production.
How QR codes became a scammer’s dream
QR codes took off during the pandemic as a contactless way to share information and make payments.
But as they’ve become part of everyday life, cybercriminals have found ways to use them for fraud.
According to Dustin Brewer, a cybersecurity expert at BlueVoyant, “They’re simultaneously useful and dangerous” because they appear in so many public places—gas stations, restaurant tables, and even utility bills.
The scam works like this: someone prints a fake QR code and places it over a real one—often on something like a parking meter or package.
When scanned, the code redirects you to a malicious site that may steal your personal data or download malware onto your phone.
The Federal Trade Commission (FTC) has even warned about fake QR codes showing up on deliveries.
Also read: Baby-faced scammers trick drivers in new scheme that’s stealing thousands
Why this scam is gaining traction
Traditional phishing emails are becoming less effective, thanks to better filters and more cautious users.
In response, scammers are shifting to QR codes—what experts now call “quishing.”
One study by KeepNet Labs found that 26% of malicious links are now sent via QR code.
Even more alarming, a report from NordVPN found that 73% of Americans scan QR codes without checking where they lead, and more than 26 million people have already ended up on malicious sites.
Scammers often count on you being in a rush—trying to pay quickly or get information fast.
That urgency is part of what makes this tactic so successful.
Also read: She lost $17,500 to a bitcoin ATM scam—what happened and how to stay safe
Who’s falling for it?
It’s not just the tech-shy.
In fact, iPhone users are more likely to trust QR codes than Android users—70% vs. 63%, according to Malwarebytes.
That trust can make them more likely to scan a bad code without hesitation.
Even organizations are taking precautions.
The Children’s Museum of Indianapolis now uses QR codes with unique branding and colors, and they regularly inspect them for tampering.
But even branded codes can be faked, so no one is completely safe.
Also read: Alert: The $2,000 Google Maps scam putting your home at risk
How these scams actually work
Here’s what a typical “quishing” scam looks like:
- A fake QR code is placed in a busy public space—like on a parking meter, poster, or flyer.
- You’re distracted or in a hurry, and don’t notice anything unusual.
- You scan the code, which takes you to a fraudulent site that asks for payment info or login details.
- You enter the information—or download a file—that turns out to be malicious.
- Scammers gain access to your data, identity, or device.
Also read: Walmart revamps over 2,000 stores: What’s new for your shopping experience
Why they’re so hard to spot
QR codes don’t show you where they lead unless your phone previews the link.
And even if a short URL appears beneath the code, scammers can fake that too.
Since QR codes are cheap and easy to produce, it’s a low-cost, high-reward strategy for criminals.
Security experts have even warned that some state-sponsored hackers are using QR codes to compromise sensitive systems.
That alone speaks to how serious this issue is becoming.
Also read: New phishing scam tricks on the rise–you won’t believe what hackers do to get your information!
How to protect yourself
You don’t have to avoid QR codes completely—but you do need to be smart about using them. Here are a few steps you can take:
- Pause before you scan: If the QR code seems out of place or unexpected, skip it.
- Preview the URL: Many phones will show the website link—look closely before tapping.
- Don’t enter sensitive info: Never provide passwords or payment details unless you’re certain it’s a trusted site.
- Check for tampering: If the QR code looks like a sticker or seems layered over something else, that’s a red flag.
- Use a QR scanner app with security features: Some apps can flag malicious links before they open.
- Keep your device updated: Security patches can help block known threats.
- Ask for alternatives: If a business only offers a QR option, request a paper version or direct link instead.
Source: YouTube / WFMY News 2
Researchers are working on ways to build security into QR codes themselves—adding watermarks, branding, or tracking features to make tampering easier to detect.
But until that becomes the norm, personal caution is still the best line of defense.
Read next: 1.8 billion at risk: New email threat raises security concerns. Are you protected?
Have you encountered a suspicious QR code before? Whether it was a near miss or a helpful lesson, your story could help others stay safe. Share your experience in the comments and let’s keep each other informed!
