Skip to main content
    Back to Alerts
    HIGH RISK
    phishing

    QR Code Phishing (Quishing) Attacks Surge

    March 27, 2026Updated Mar 27, 2026US, EU, GB, CA, AU, GLOBAL
    Mobile
    Physical Locations

    Overview

    A major increase in QR code phishing attacks at restaurants, parking meters, and public spaces. Fake QR codes redirect to credential-stealing websites.

    Expert Analysis

    GetCyberRight Analyst Assessment

    This analysis was prepared by our security team based on verified threat intelligence and official sources.

    Quishing attacks have increased over 400% since 2024. Scammers place fake QR code stickers over legitimate ones at parking meters, restaurant tables, electric vehicle charging stations, and public transit stops. The FBI, CISA, and FTC have all issued advisories. Many mobile users scan without checking the URL preview first.

    Indicators of Compromise

    tactic
    Sticker overlay on existing QR codes

    Fake codes placed over legitimate ones

    tactic
    Redirect to credential harvesting page

    Scanned URL mimics payment or login portals

    What You Should Do

    1

    Always preview the URL after scanning a QR code before opening it

    2

    Look for sticker overlays or tampering on public QR codes

    3

    Type URLs manually instead of scanning when in doubt

    4

    Use your built-in phone camera rather than third-party QR apps

    5

    Never enter payment information on a site reached via an unexpected QR code

    Sources

    Related Guides