The Rise of QR Code Phishing ("Quishing")
Attackers have started placing fake QR codes over legitimate ones in public spaces — parking meters, restaurant tables, and even on physical mail. When scanned, these redirect to phishing sites that steal credentials or install malware.
Safe QR Scanning Practices
- Preview the URL before opening: Use a scanner that shows you the decoded URL before you tap/click
- Check for tampered stickers: Physical QR codes that look like stickers may be malicious overlays
- Verify the domain: A bank QR code should go to the bank's actual domain, not a lookalike
- Use HTTPS links: Legitimate services use encrypted connections
- Be skeptical of urgency: "Scan immediately or lose access" is a social engineering red flag
Inspect Before You Click
The QR Scanner tool shows you the full decoded URL or text before you interact with it. Review it, verify the domain, and only proceed if it looks legitimate.