QR Code Scams: A Closer Look at ‘Quishing’ and How to Stay Secure

The threat of phishing and its variants – such as smishing (SMS phishing) and vishing (voice phishing) – has been current for some time now, but the past few months have seen the rise of a new threat: QR (quick response) codes are now increasingly being used in scams. This has inevitably become known as ‘quishing’.

What is a QR code?

A QR code is a barcode image resembling a grid of black and white squares that a smartphone camera can scan and decode to reveal a web link or other details. For example, they are often found on pub tables, giving quick access to menus so you can browse and order food and drink.

How does quishing work?

Quishing works much like any other form of phishing: criminal hackers masquerade as a legitimate source in an attempt to trick people into handing over sensitive information or downloading malware.

Scanning a malicious QR code could have the same result as clicking a malicious link: you might be directed to a fraudulent website, where you will be asked to enter your personal and sensitive data, such as your address or even bank details, or it could automatically download malware.

What to look out for

Illegitimate QR codes can be stuck over legitimate ones, so you must be careful when scanning ones in public places such as pubs and car parks.

To help make sure you don’t fall for one of these scams, keep an eye out for the following indicators of an illegitimate code:

  • Poor-quality QR codes
    They may be blurry or difficult to scan.
  • Offers that are too good to be true, especially with a sense of urgency
    An offer of a large sum of money or a substantial product for free just for filling in your details, but only for a limited time, is likely a scam. Be suspicious of such offers and research them before entering any details.
  • Requests for personal information that is not required
    Legitimate organisations will only ever ask for information required to complete a transaction or provide a service.
  • Stickers over QR codes
    Try peeling off the QR code to confirm it is not a sticker before scanning it.


Our approach to cyber incident response and recovery

At GRCI Law, we understand how cyber incidents can affect your organisation, as well as the challenges you will face when dealing with them.

It’s crucial that you get prompt, expert advice in the initial stages of an incident so that your organisation can detect, respond to and recover from it. Responding quickly can also minimise reputational and financial damage.

Contact us to find out more