Cyber Security News

How to Outsmart QR Code Phishing

The term 'quishing' might sound cute and charming, but it's one of the latest tools being used by cybercriminals in the quest to steal your personal information or infect your device with harmful software.

It's a blend of 'QR code' and 'phishing', signifying the act of deceiving people using a phishing email that includes a QR code.

More and more people are receiving (unsolicited) emails telling you to scan a QR code for a fantastic deal.

If you do, be cautious – rather than an awesome offer, it might well be a scam.

Why is Quishing becoming a thing?

From a cybercriminal's perspective, quishing has certain advantages compared to traditional phishing.

Firstly, most people have become cautious about clicking suspicious links in emails and know how to verify the safety of a URL. However, QR code scams are less familiar, making it easier to deceive people.

Moreover, deceptive QR codes can more easily bypass companies' digital security systems since they are presented as image files, which are not flagged as threats.

Lastly, even if you receive a quishing email on your computer, scanning the code often requires you to switch to your mobile device, which usually has weaker antivirus and anti-phishing protections.

So now we know why quishing is one of the latest weapons of choice for cybercriminals, let's look at the Top 5 ways you can thwart these attacks!


Avoid Scanning QR Codes from Unknown Email Senders

Let's say for example that you receive an email from an unfamiliar sender claiming to offer a fantastic discount. Inside the email with a QR code that promises to reveal the deal.

Don't scan it, as it could be a scam.


Recognise the Signs of Phishing Emails

Let's say for example that you receive an email urgently requesting you to click on a link or scan a QR code to prevent your account from being locked.

Be suspicious of anything that is creating a sense of urgency - manufacturing urgency is a classic technique deployed by cybercriminals!

Trust your instincts; if the email was unexpected and/or anything feels suspicious, don't click on any links or QR codes.


Check QR Code URL Previews

Let's say for example that you're about to scan a QR code that appears to lead to a well-known shopping website.

Always preview the URL and look for any deviations from what you may expect such as a slight misspelling. Example: '' instead of ''.

In such cases, avoid scanning and double-check the URL's authenticity.


Never Enter Login Credentials via QR Codes

Let's say that, after scanning a QR code from what appears to be a legitimate company, it takes you to a login page asking for your username and password.

Even if it seems legitimate, NEVER input your credentials there.

If you suspect an issue with your account (such as your bank, telco etc), go directly to the company's official website using your browser or contact the company by phone.


Practice Strong Digital Security

We keep saying it but it's true...

To enhance your online security, use long, complex and unique passwords for each of your accounts.

And keep your devices and software up to date with the latest security patches and updates. This doesn't just relate to your work devices - the ones at your home are just as important!

In summary, the ever-evolving landscape of cyber threats demands our constant vigilance and adaptability.

As we've explored in this article, quishing, or QR code phishing, is just one example of how cybercriminals are getting more creative in their attempts to compromise our online security.

However, armed with knowledge, awareness, and the right cybersecurity practices, we can confidently navigate the digital realm.

Remember that staying safe in cyberspace is an ongoing journey, and the steps we take today can make all the difference tomorrow.

So, let's continue to educate ourselves, share our insights, and collaborate in the fight against cyber threats, ensuring a safer digital future for all.

Stay secure and stay empowered.