Overview
A major increase in QR code phishing attacks at restaurants, parking meters, and public spaces. Fake QR codes redirect to credential-stealing websites.
Expert Analysis
GetCyberRight Analyst Assessment
This analysis was prepared by our security team based on verified threat intelligence and official sources.
Quishing attacks have increased over 400% since 2024. Scammers place fake QR code stickers over legitimate ones at parking meters, restaurant tables, electric vehicle charging stations, and public transit stops. The FBI, CISA, and FTC have all issued advisories. Many mobile users scan without checking the URL preview first.
Indicators of Compromise
tactic
Sticker overlay on existing QR codesFake codes placed over legitimate ones
tactic
Redirect to credential harvesting pageScanned URL mimics payment or login portals
What You Should Do
1
Always preview the URL after scanning a QR code before opening it
2
Look for sticker overlays or tampering on public QR codes
3
Type URLs manually instead of scanning when in doubt
4
Use your built-in phone camera rather than third-party QR apps
5
Never enter payment information on a site reached via an unexpected QR code