top of page

Watch out for malicious QR codes 👀

Learn about "quishing" - a sneaky scam using malicious QR codes - and how to protect yourself with tips from the Cybersecurity Pigeon.

Hi again - it’s your Cybersecurity Pigeon here! In today’s digital world, cyber threats are constantly evolving, with phishing attacks becoming more creative and deceptive. Today, I’m bringing you some important information about a new type of scam - it’s called quishing. These scams trick individuals into scanning QR codes that lead to fraudulent websites designed to steal sensitive information.


What exactly are QR codes and how can they be misused?

QR codes are a convenient way to quickly access websites, services, or information. They are designed to make life easier. Simply scan one with your smartphone, and it can instantly take you to a website, share information, or complete a task.

But here’s the catch: that same simplicity makes QR codes a tempting tool for cybercriminals.


In a quishing scam, scammers create fake QR codes designed to:

  • Redirect you to fraudulent websites that steal your personal details or login credentials.

  • Install harmful software or malware on your device without your knowledge.

  • Trick you into entering sensitive information like passwords, PINs, or financial details.


How to stay safe from quishing scams


  1. Pause before scanning

    Ask yourself if it makes sense for a QR code to be used in the particular context. Is it necessary? Could a secure link have been a better option? If it feels out of place, it might be a trap.


  2. Verify the source

    Always ensure the QR code comes from a trusted and recognisable sender. If you are unsure, double-check with the person or organisation before scanning.


  3. Use secure QR code scanner apps

    Trusted scanner apps often have features like link previews to show you where the code will take you before you open it. This is a great way to avoid malicious links.


  4. Update device security

    Keep your phone or tablet safe by regularly updating your antivirus and anti-malware software. Also, enable multi-factor authentication (MFA) wherever possible to add an extra layer of protection.


  5. Enable safe browsing

    Use web browsers like Edge, Chrome, or Firefox with safe browsing mode enabled. This feature can warn you if you’re about to visit a dangerous or fraudulent website.


Remember: In the digital world, being aware and alert is your best defense. Keep your devices safe, and your data secure.


Until next time - stay safe!



bottom of page