Cybersecurity experts have issued an urgent warning over a sharp rise in 'quishing' scams, a form of phishing that uses malicious QR codes to steal personal and financial information. According to a recent report, more than 26 million Americans have already fallen victim, with numbers continuing to climb rapidly.
Dustin Brewer, senior director of proactive cybersecurity at BlueVoyant, said: 'The most dangerous part is they are hiding in plain sight. Attackers can just print their own QR code and paste it over a real one, and you'll never know the difference.' Criminals are placing counterfeit codes over legitimate ones in high-traffic areas such as parking meters, public transport signs, restaurant tables, and on delivery packages.
Once scanned, fraudulent QR codes often lead to lookalike websites designed to steal login credentials or financial data. In some cases, they install malware onto the user's phone, granting attackers remote access. The Federal Trade Commission reported victims receiving fake 'gift' packages with QR codes that redirected to phishing sites disguised as delivery return forms.
Experts advise checking that the link begins with 'https://' and appears legitimate before scanning. Red flags include low-quality stickers, misaligned codes, or URLs that are misspelled or unfamiliar. Users should never scan QR codes from unknown sources, especially in emails, texts, or physical mail.
