Think Twice Before Scanning QR Codes: New 'Quishing' Scams Are Tricking Millions

QR codes can be very handy, allowing you to quickly pull up information about parking payment systems, details about gifts you've been sent, and even menus at restaurants you visit. But they also have a dark side, as "quishing" — the act of using QR codes to phish for private data — has increased exponentially in recent years.

According to new security reports from the Federal Trade Commission (FTC), QR code phishing has increased dramatically in 2025, with many falling prey to malware and fake payment pages. "Quishing," as the act has become known, is deviously simple, and it's becoming more prevalent than even the most annoying iPhone phishing programs.

Bad actors slap a fake QR code sticker somewhere, someone scans it, and they're taken to a fake page where the individual unknowingly inputs their private data — such as credit card info, bank account details, and more. Luckily, there are a few things you can do to help avoid falling prey to QR code scams.

One of the most important things to remember to help avoid QR code scams is to not scan codes that you aren't familiar with. That's one of the trickiest things about QR codes — and one reason that people fall prey to so many scams involving them — is because there's no way to see where you'll be redirected until you scan the code with your phone.

Additionally, QR codes are now being used to help spread malware, too, with KeepNetLabs noting that 26% of all malicious links were hidden in QR codes. And, because QR codes have become so prevalent — you can even share passwords using QR codes — it has become an easy way to spread that malicious software without arousing suspicion.

Of course, avoiding unsafe QR codes becomes more difficult when you start accounting for the fact that even parking lots at train stations and other public places require you to scan them to pay for parking now. However, when approaching these kinds of situations, make sure you're scanning the legitimate QR codes, and if you have any concerns about the QR code, look for information about a website that you can visit to pay for parking instead.

Ultimately, avoiding QR code scams and quishing attacks is all about being smart when interacting with QR codes. Avoid them when possible, and if you're even somewhat unsure about a QR code, don't scan it all. If you do end up scanning a fishy code, make sure to change any passwords or other important security data quickly to avoid losing access to important accounts.