See a random QR code offering a free gift card or a great deal? You’re better off not scanning it, as it could be a scammer using quishing to steal your payment information.

Quishing is a type of phishing attack that uses QR codes encoding malicious URLs or malware, leading potential victims to dangerous websites or to download nasty software.

With cyberattacks taking on new forms to trick potential victims, including the increase in AI-driven phishing tools, quishing is becoming a new way for threat actors to steal sensitive information or install malware. In fact, it was used to steal Microsoft credentials in a company-wide attack.

This guide will help explain quishing and different ways to protect yourself from QR code phishing attacks.

What is Quishing?

Quishing, also known as QR phishing, is a type of cyberattack that uses manipulated or fake QR codes to trick victims into visiting malicious websites or downloading malware. It’s essentially phishing, but instead of relying on email or text links, it uses the convenience and popularity of QR codes.

These malicious QR codes can be found anywhere. Hackers can create fake QR codes that resemble legitimate ones, often placed in public spaces like restaurants or parking meters, or even applied as stickers over existing codes. They can also be attached to emails, texts, or social media posts.

By embedding a malicious link in a QR code, attackers have a better chance to evade URL detection or scam detectors in emails. Unaware of the danger, the victim scans the QR code with their phone.

To make matters worse, scammers will inject malicious code in the QR code that redirects the victim to a fraudulent website designed to look real. The victim might be prompted to enter login credentials and credit card information or download malware disguised as a legitimate app on a fake website.

Examples of Quishing

There are several examples of attackers using quishing to steal banking details and login credentials.

This includes a phishing campaign targeting German eBanking users. Scammers created legitimate-looking phishing emails with official banking logos and embedded QR codes, leading to fake websites. The webpage would ask users to enter their bank location, code, username, and PIN. Since it’s a dodgy link created by the threat actors, it allowed them to steal the user’s information.

QR code in phishing email via Cofense

Another example is when scammers used QR codes to trick users into entering their Microsoft credentials. The attackers sent emails to employees asking them to scan the QR code to receive a voicemail. Once scanned, users would be directed to a fake Microsoft login page. Once the users entered their details, the threat actors would know their login details.

Example of phishing email with QR code asking to scan for voicemail via Abnormal

Here are a few more ways QR phishing can trick you:

  • Fake restaurant menus: QR codes displayed on restaurant tables might lead to phishing sites stealing payment information.
  • Parking meter scams: Hackers cover legitimate parking meter codes with their own, redirecting users to pay on a fake website that steals financial data.
  • Delivery package notifications: Phishing emails with fake QR codes claim to track deliveries, leading to malware downloads upon scanning.

How to stay safe from quishing?

Quishing can be challenging to detect because users can’t see whether a URL looks suspicious, so it’s a good idea to stay vigilant when a QR code comes from a suspicious source or offers details that don’t seem right.

Before opening a link using a QR scanner on your smartphone or device, especially from an unknown source, it’s best to use a URL checker such as NordVPN Link Checker. It’s a free tool that notifies users of fake websites and phishing scams using public and private resources.

Another great tool is Norton Genie, a free AI scam detector app. The AI-driven app learns and adapts from potential real-world scam messages and can notify other users if they receive similar messages or links to dodgy websites.

Here are a few more ways to stay protected against QR phishing:

  • Don’t scan QR codes from untrusted sources or if they seem suspicious.
  • Check the link displayed after scanning before visiting the website. Look for inconsistencies or typos in the URL and hover over it to see the actual destination.
  • Use a QR code scanner app with security features. These apps can detect suspicious codes and warn you before it’s too late.
  • Don’t enter personal information on random websites. Legitimate companies won’t ask for sensitive information through QR codes.
  • Keep your phone software updated, as security updates often include patches for vulnerabilities exploited in QR code scams.
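
The "check the link displayed after scanning" step above, written as a check that could run on the text a scanner decodes from a QR code before the link is opened. This is an added example, not part of the original article; the trusted-domain list, the shortener list, and the function names are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed assumptions: sites the reader really uses, and common shorteners.
TRUSTED = ("microsoft.com", "paypal.com", "example-bank.de")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_qr_payload(payload):
    """Return a list of warnings for the text decoded from a QR code."""
    parts = urlsplit(payload.strip())
    if parts.scheme not in ("http", "https"):
        return [f"not a web link (scheme: {parts.scheme or 'none'})"]
    warnings = []
    host = (parts.hostname or "").lower()
    labels = host.split(".")
    if parts.scheme == "http":
        warnings.append("unencrypted http link")
    if "@" in parts.netloc:
        warnings.append("text before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        return warnings + ["raw IP address instead of a domain name"]
    except ValueError:
        pass  # not an IP literal, carry on with the domain checks
    if any(label.startswith("xn--") for label in labels):
        warnings.append("punycode label (possible look-alike characters)")
    # Simplification: last two labels; production code needs the Public Suffix List.
    domain = ".".join(labels[-2:])
    if domain in SHORTENERS:
        warnings.append("URL shortener hides the final destination")
    for good in TRUSTED:
        if domain == good:
            continue
        if edit_distance(domain, good) <= 2:
            warnings.append(f"'{domain}' looks like a typo of '{good}'")
        elif good.split(".")[0] in labels[:-2]:
            warnings.append(f"'{good}' name used as a subdomain of '{domain}'")
    return warnings
```

An empty list means none of these specific warning signs were found, not that the site is safe.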

Using the best antivirus software is a surefire way to beat any cyberattack or malware. With advanced security tools to detect malicious links in files, emails, and websites, it’s an excellent way to protect your devices, as it can identify and stop malicious cyber threats – especially if you fall for a quishing scam.

Find out more about different phishing attacks, along with ransomware and infostealer malware. Check below for the best antivirus you can get.

Best antivirus in 2024

1. Norton 360 🥇 From $19.99/year
Best overall antivirus of 2023

“Norton” and “antivirus” are synonymous these days, as the well-established cybersecurity brand has successfully fought against malware, viruses and nasty software threats since 1990. 

Norton 360 offers excellent antivirus protection and extra features that make for a valuable, all-in-one security product. Its Norton 360 Deluxe and Premium package may cost a pretty penny. Still, with security across multiple platforms, a full-blown VPN, Dark Web Monitoring, Parental Controls and more, it will have a household free of cyber threats. 

Norton’s certainty of its antivirus software’s capabilities is clearly defined by the brand’s 100% Virus Protection Promise. If a device protected by Norton 360 can’t get rid of a virus, the user receives their money back. It’s a big claim, but unquestionably, no one should expect to get that refund.

If you have the money for it, you can also check out the premium Norton 360 Platinum package for even more online protection, including from identity theft. Without a doubt one of the best antivirus to get.

2. Bitdefender 🥈 From $19.99/year
Best security features and tools

Bitdefender takes the spot as best antivirus, and for good reason. It’s not enough that it boasts near-perfect lab test scores across the board, as it goes the extra mile by giving users access to a plethora of advanced security features.

Bitdefender goes above and beyond in the features department, all while keeping known malware, ransomware, and viruses at bay. It will defend your device against new attacks, provide security for online transactions, keep you safe with a reliable VPN, and protect your accounts with a password manager.

It’s a no-brainer when it comes to defending your devices against virtually any form of cyberattack, and its top-notch protection extends to its most affordable package, too. Protecting your PC and smartphone, from Windows and macOS to iOS and Android, is becoming even more necessary, and Bitdefender is the tricked-out shield you need. 

3. Malwarebytes 🥉 From $44.99/year
Best antivirus for Windows PC

Hundreds of malware emerge every minute, and it’s Malwarebytes’ mission to detect and conquer them all. Does the antivirus do this successfully? Yes, but there’s wiggle room for improvements.

Malwarebytes’ no-nonsense approach to protecting your devices from the onslaught of malware and viruses is effective for those who need a reliable antivirus that will detect and remove malicious software, especially with its free version. However, while its premium service provides 24/7 real-time detection, conveniently blocks vicious ransomware and shields users from malicious websites, it doesn’t go beyond on the feature front.

That’s no bad thing, as sometimes a user only needs a powerful antivirus to keep them safe from cyber threats. But considering its competitors add a few more security tools, such as data breach monitoring and a firewall, there’s room for improvement. 

4. Avast One 🙌 From $39.99/year
Best antivirus for beginners + free plan available!

With Avast One, you can protect your device from viruses, malware and ransomware for free. That’s right, and you don’t have to pay a dime for the extra security features the antivirus throws in, including its VPN, firewall and more.

Avast One will safeguard your device from malware, comes with ransomware protection, blocks harmful websites and downloads from the web, scans your emails for malicious attachments, stops hackers from infiltrating your device through Wi-Fi with a firewall – the list goes on. That’s a lot of tools for software that’s free, and the included VPN and the ability to speed up your PC are a welcome bonus.

It’s the ideal antivirus software for home use, as it takes the hassle out of staying wary of cyber threats lurking around, even if you’re not a tech whizz. What’s more, if you are looking for added precautions, its paid Individual and Family packages still boast great value. Hard to go wrong with this best antivirus.

5. AVG 👍 From 4.99/month
Best antivirus for + free plan available!

You can never go wrong with free antivirus protection, but some deliver even better detection and protection rates, along with extra security features, without costing a dime. This is where AVG antivirus shines.

AVG provides reliable protection and only a small impact on performance for Windows, Mac, iOS and Android. It safeguards your devices against malware, viruses and zero-day exploits, along with blocking malicious links and attachments in emails. Throw in phishing protection when surfing the internet and extra security features such as its SafePrice browser extension and Network Inspector, and you’ve got yourself a do-it-all antivirus.

Sure, you can find all of these perks with Avast, but if you like a slick, darker user interface that’s easy to navigate, then AVG is for you.

Darragh Murphy
Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from the mischievous world of online security to washing machines designed for earbuds. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for laptops into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. When he's not checking out the latest devices and all things tech, he can be found swimming laps, watching terrible shark movies, and trying to find time to game.  Previous Editor at Laptop Mag and News Editor at Time Out Dubai, specialising in food culture, nightlife events, gaming, tech and entertainment.