“Quishing” Scams Surge: How to Safeguard Yourself and Your Data

QR codes have seamlessly integrated into our daily routines—from menus and parking meters to concert tickets—and offer undeniable convenience. But what if that convenience is becoming a liability

What Is “Quishing”?

“Quishing,” a blend of QR and phishing, refers to malicious schemes that exploit QR codes to deceive users into revealing personal or financial data. Scammers often overlay authentic QR codes—typically found in public spaces—with counterfeit ones. When scanned, these redirect users to fraudulent websites, apps, or even trigger malware downloads.

The Rising Tide of Quishing Scams

• Scams involving QR codes have surged 14-fold in just five years, according to Action Fraud data.
• From 2019 to 2024, reports in the UK jumped from about 100 instances to 1,386.
• In one year alone, £3.5 million was lost to quishing in the UK.

Banks such as Santander, HSBC, and TSB, alongside bodies like the UK’s National Cyber Security Centre and the US Federal Trade Commission, have raised alarms about quishing bypassing traditional phishing defenses.

How Quishing Scams Operate

1. Tampered QR codes are placed over legitimate ones in public areas (e.g., pay machines, restaurants).
2. When scanned, you’re redirected to a fake website designed to collect information, steal money, or install harmful software.
3. Criminals may initiate a small charge or trick you into downloading malware disguised as payment apps.
4. In some cases, scammers follow up with fake bank calls to extract even more from victims.

Some scams are even globally coordinated, with investigations uncovering subscription sites run by international fraudsters.

Tips for Staying Safe

Here are reliable strategies to reduce your risk:

• Always inspect QR codes in public spaces for signs of tampering or overlays.
• Avoid scanning unfamiliar or suspicious codes. If in doubt, type the website address manually.
• Do not make payments via QR codes unless you are absolutely sure of the source.
• Use your phone’s built-in QR scanner, not third-party apps that may pose extra risks.
• Install a mobile security app or antivirus to detect threats.
• Stay informed—awareness is your first line of defence.

Emerging Tech: Fighting Quishing with AI

Researchers are exploring new ways to tackle this problem. Studies show that quishing emails are just as effective as traditional phishing, but harder to spot. Machine learning models are being developed to analyse QR code patterns and detect malicious ones before they’re used.

Vigilance Over Convenience

QR codes are undeniably helpful—but they’ve become a sophisticated vector for fraud. With quishing incidents spiking, staying cautious is your best defence. Knowledge and vigilance protect your data just as effectively as any security software.

Further Reading:

• QR codes are being weaponized in new quishing attacks, and most people don’t realize—here’s how to stay safe
• Millions hit in quishing attacks as malicious QR codes surge – how to stay safe
• Banks and regulators warn of rise in ‘quishing’ QR code scams