Salus Logo

Quishing: QR Codes, The New Face Of Phishing

26 Sep 2023 2 minute read

QR code

As technology evolves, so do the tactics employed by cybercriminals. Recently, Salus has observed a surge in popularity of a new form of phishing called ‘Quishing’. Unlike traditional phishing attempts that rely on malicious links or attachments, Quishing targets victims by enticing them to scan QR codes embedded in emails. This article sheds light on this emerging threat and provides essential tips to safeguard yourself from falling victim to QR code phishing.

Understanding Quishing and QR Code phishing

Quishing, a term derived from "QR" and "phishing," refers to a deceptive technique where cybercriminals manipulate users into scanning QR codes to gain unauthorised access to sensitive information. Unlike conventional phishing methods, which often rely on links or attachments, Quishing exploits the trust and accessibility associated with QR codes, making it harder for security measures to detect the threat.

The Appeal of QR Code Phishing

QR code phishing has gained traction due to its ability to bypass security checks and spam filters. By avoiding link rewriting, which allows security providers to verify the destination before redirecting users, cybercriminals can trick victims into scanning malicious QR codes without raising suspicion. Additionally, the urgency factor commonly used in other phishing methods is also employed to create a sense of haste and pressure victims into taking immediate action.

Protecting Yourself from QR Code Phishing

Exercise Caution and Vigilance

Treat unsolicited emails with caution, especially those from unknown senders. Avoid scanning any QR codes contained within such emails, as they may lead to malicious websites or trigger unauthorised actions.

Verify the Sender

Only scan QR codes in emails if they are from a trusted sender and you are expecting the email. If you receive a spontaneous email or an email from an unfamiliar source, refrain from scanning any QR codes it contains.

Double-Check URLs

Before scanning a QR code, examine the email content for any suspicious URLs or misspellings. Hover over links (without clicking) to view the actual destination. If anything seems suspicious, refrain from scanning the QR code.

Implement Multi-Factor Authentication (MFA)

Enable MFA wherever possible, as it adds an extra layer of security to your accounts. Even if a cybercriminal manages to obtain your credentials through QR code phishing, MFA can help prevent unauthorised access, and buy valuable time for administrators to recover from the event.

Stay Educated

Keep yourself informed about the latest phishing techniques, including QR code phishing. Regularly update your knowledge on cybersecurity best practices and share this information with colleagues, friends, and family to help them stay protected as well.

Use Reliable Security Software

Install reputable antivirus and anti-malware software on your devices. These tools can help detect and block phishing attempts, including those involving QR codes.


As cybercriminals continue to innovate their tactics, it is crucial to remain vigilant and adapt our security practices accordingly. QR code phishing, or Quishing, represents a new threat that targets unsuspecting individuals through deceptive emails. By following the tips outlined in this article and performing the occasional controlled phishing engagement in your own company, you can protect yourself from falling victim to QR code phishing and safeguard your personal and sensitive information from unauthorised access.

Share this page

Sign up for updates

Start your Journey with us!

Contact us

Here to Help
Tell Us Your Priorities!