Do you know what Quishing is?
Curiosity is one of the most powerful human qualities that malicious actors weaponize to increase the efficiency of scams and phishing campaigns.
Lucky for you, we’re the good ones. We don’t want your password or payment information—we want you and your employer to be safe from scams.
“Quishing”, also known as QR code phishing, is a technique where cybercriminals use QR codes to trick individuals into revealing sensitive information or visiting malicious websites. These QR codes are often designed to look legitimate but lead to fraudulent websites or phishing pages that aim to steal personal information. It works like phishing, but instead of mail, QR codes are used.
So what can you do?
Think before you scan something.
Is there something suspicious about the placement or the look of the QR code? Are there any signs of manipulation (e.g. wrong company logo on the sticker)? Or does the offer sound too good to be true (e.g. massive discount code)?
Check if it is a QR code from a generally reliable organization.
Bear in mind that even if the source appears trustworthy, the QR code may have been pasted over.
Keep your mobile device up to date.
Ensure that you install software and app updates as quickly as possible, as they often close known security gaps.
Check the URL address to which the QR code wants to send you.
This is not an easy task, as shortened links are often used. Check if the link looks trustworthy; if in doubt, visit the official website.
Don’t enter your log-in data.
Be careful when you enter your login, company or personal data on a website or app that you access via QR code. If you entered your credentials unintentionally, please make sure to change your passwords immediately.
Use the camera on your phone to scan the QR code.
Avoid using apps to scan QR codes, as they could automatically open a link before you’ve even had time to look at it. Sometimes opening a website is enough to trigger the download of malicious software in the background.
Use Multi-Factor Authentication (MFA).
If you scanned a QR code and entered your credentials on that website, MFA gives you an extra layer of protection, because hackers would also need the second factor to crack your account. Enable MFA on accounts that support it.
Remember: You should treat every QR code like a link in an email. If you're unsure about the origin, it's better to play it safe and not click or scan it.
We want to make sure there's no confusion: We're not telling you to avoid QR codes altogether. It's like being cautious with emails.
Our advice is simple: think before you click or scan. Stay alert, and don't trust websites blindly.
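The "Check the URL address" tip above, as an added example that is not part of the original page: a Python function a security team could run over a URL decoded from a reported QR code before anyone opens it. The function name `review_qr_url`, the shortener list and the sample URLs are constructed assumptions, and `example.com` stands in for the organization's official domain.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed, non-exhaustive list of link-shortener hosts (assumption).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "ow.ly"}

def review_qr_url(url, official_domain):
    """Return the reasons to distrust a URL decoded from a QR code."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["unparseable URL"]
    reasons = []
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme.lower() != "https":
        reasons.append("not https")
    if not host:
        return reasons + ["no host"]
    if parts.username is not None:
        # https://example.com@evil.test/ really goes to evil.test
        reasons.append("text before '@' hides the real host")
    if host in SHORTENERS:
        reasons.append("shortened link hides the destination")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode host (possible look-alike)")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a name")
    except ValueError:
        pass  # host is a name, not an IP literal
    official = official_domain.lower()
    # Only the official domain or one of its subdomains passes; a host that
    # merely starts with the official name (example.com.other.test) does not.
    if host != official and not host.endswith("." + official):
        reasons.append("host is not the official domain")
    return reasons

if __name__ == "__main__":
    # Constructed sample URLs, as if decoded from scanned QR codes.
    samples = [
        "https://login.example.com/reset",
        "https://example.com.account-check.test/login",
        "https://bit.ly/3abcd",
        "http://192.0.2.10/pay",
        "https://example.com@evil.test/",
    ]
    for url in samples:
        print(url, "->", review_qr_url(url, "example.com") or "no warnings")
```

An empty result only means none of these checks fired; a shortened link still has to be expanded and the final destination reviewed the same way.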