Phishing
Phishing is an attack that uses fake websites or messages impersonating legitimate services to steal passwords, credit card numbers, and personal information. Email and SMS are the traditional vectors, but QR code phishing (quishing) has surged recently. The FBI issued a warning about QR code phishing in 2022, and reports continue to grow.
The typical quishing attack places a fake QR code sticker over a legitimate one. Parking meters, restaurant menus, and public information boards are common targets. Scanning the fake code redirects the user to a convincing phishing site. Unlike a link in an email, a QR code gives no way to visually verify the URL before scanning, so victims are less likely to notice the deception.
Three defenses help: always check the URL displayed after scanning before proceeding; inspect QR codes for physical tampering (stickers layered on top); and avoid entering passwords or payment information on sites reached via QR code, instead accessing services through official apps or direct URL entry.
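The first defense, checking the URL after scanning, can be automated in a scanner app or kiosk before it opens the link. The sketch below is an added example, not part of the original page, and it goes beyond the text by also flagging non-HTTPS links, userinfo before the host, IP-literal hosts, and punycode labels. The domain `parking.example` and all sample payloads are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical official domain of the service the sign claims to represent.
EXPECTED_DOMAINS = {"parking.example"}

def check_qr_url(payload, expected=EXPECTED_DOMAINS):
    """Return reasons not to trust a decoded QR payload (empty list = no finding)."""
    findings = []
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ["malformed URL"]
    if parts.scheme != "https":
        findings.append("not https")
    # "https://official@other-host/" displays the official name but goes elsewhere.
    if parts.username is not None or parts.password is not None:
        findings.append("userinfo before host")
    if not host:
        return findings + ["no host"]
    try:
        ipaddress.ip_address(host)
        findings.append("IP literal host")
    except ValueError:
        pass  # a DNS name, which is the normal case
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label")
    # Match the exact domain or a true subdomain; a plain substring or
    # prefix test would accept "parking.example.pay-now.example".
    if not any(host == d or host.endswith("." + d) for d in expected):
        findings.append("host not an expected domain")
    return findings

# Constructed sample payloads, as a QR decoder might return them.
SAMPLES = [
    "https://pay.parking.example/zone/12",
    "https://parking.example@evil.example/pay",
    "https://parking.example.pay-now.example/",
    "http://192.0.2.10/pay",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_qr_url(s) or "no findings")
```

An empty result only means none of these checks fired; the third defense, reaching the service through its official app or a typed URL, still applies for passwords and payments.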