HS

Surge in 'Quishing' Scams: Cybercriminals Exploit QR Codes to Deceive Consumers

August 12, 2025
Surge in 'Quishing' Scams: Cybercriminals Exploit QR Codes to Deceive Consumers

In recent months, a concerning trend has emerged within the realm of cybersecurity: the rise of ‘quishing’ scams, where cybercriminals exploit QR codes to deceive unsuspecting consumers into revealing sensitive personal information. These scams have gained traction as QR codes become ubiquitous in various aspects of daily life, from restaurant menus to contactless payment systems. The Federal Trade Commission (FTC) has issued warnings regarding these scams, highlighting how malicious QR codes can lead to phishing websites designed to harvest personal data or download malware onto victims' devices.

According to a July 2025 report from CNBC, QR codes, which were once considered a novel convenience, are now being manipulated by hackers to facilitate fraud. "As with many technological advances that start with good intentions, QR codes have increasingly become targets for malicious use," stated Dustin Brewer, Senior Director of Proactive Cybersecurity Services at BlueVoyant. Brewer emphasized that these codes are prevalent in everyday environments, making them an attractive target for cybercriminals.

The FTC's warning outlined that recent scams have involved unexpected packages containing QR codes that, when scanned, redirect users to sites that steal personal information like credit card details and passwords. Authorities in various states, including New York and Hawaii, have also issued advisories, underscoring the need for vigilance when interacting with QR codes.

Gaurav Sharma, a Professor in the Department of Electrical and Computer Engineering at the University of Rochester, noted that the simplicity of executing these scams is alarming. "The crooks are relying on you being in a hurry and you needing to do something," he said, explaining that QR codes are often placed in high-traffic areas where individuals may not take the time to verify their authenticity.

The prevalence of QR code scams is partly attributed to the increased sophistication of traditional phishing tactics, which have led cybercriminals to seek alternative methods to access sensitive information. A 2023 study published by KeepNet Labs found that 26% of all malicious links are now disseminated via QR codes, a significant increase from previous years. Additionally, a report by NordVPN indicated that 73% of Americans scan QR codes without prior verification, contributing to the vulnerability of a significant segment of the population. This alarming statistic translates to over 26 million individuals potentially having been directed to malicious sites.

Sharma is among the researchers developing a secure QR code technology called SDMQR (Self-Authenticating Dual-Modulated QR), which aims to provide built-in security features to guard against such scams. However, he acknowledges the challenges in garnering support from major tech companies like Google and Microsoft, which are essential for widespread implementation of enhanced security measures.

Despite the growing awareness of QR code scams, many Americans remain wary of their increasing reliance on this technology. Denise Joyal, a resident of Cedar Rapids, Iowa, expressed her concerns: "I’m in my 60s and don’t like using QR codes. I definitely worry about security issues. I really don’t like it when one is forced to use a QR code to participate in a promotion with no other way to connect."

Institutions are also taking proactive measures to bolster QR code security. For instance, Natalie Piggush, a spokeswoman for the Children’s Museum of Indianapolis, shared that their IT staff began upgrading their QR codes to protect against potential threats, including adding stylized designs to make their codes less susceptible to tampering. "We regularly inspect our existing QR codes for tampering or out-of-place codes," she added, highlighting the importance of vigilance in maintaining security.

The risks associated with QR codes extend beyond individual consumers. Brewer pointed out credible reports of nation-state actors utilizing QR codes to infiltrate sensitive networks and compromise messaging accounts of military personnel. "Attackers can simply print their own QR code and paste it physically or digitally over a genuine one, making it nearly impossible for the average user to detect the deception," he explained.

As the use of QR codes continues to grow, the potential for exploitation remains a serious concern. Rob Lee, Chief of Research, AI, and Emerging Threats at the SANS Institute, likened QR code compromises to other longstanding tactics in cybercrime. He states, "QR codes weren’t built with security in mind, they were built to make life easier, which also makes them perfect for scammers."

As this technology becomes increasingly integrated into daily life, maintaining security awareness and exercising caution when scanning QR codes will be essential. Experts recommend avoiding scanning codes from unfamiliar sources and ensuring that the displayed URL is legitimate before entering any personal information. The future of QR code security will likely hinge on both advancements in technology and consumer education about the potential risks involved in their use.

Advertisement

Fake Ad Placeholder (Ad slot: YYYYYYYYYY)

Tags

quishing scamsQR code securitycybersecurityDustin BrewerGaurav SharmaKeepNet LabsNordVPNFTC warningsmalicious websitespersonal data theftcybercrime trendstechnology safetyconsumer protectionmalware threatsonline safetycybersecurity researchSDMQR technologyChildren's Museum of Indianapolismilitary cyber threatsdigital fraudprivacy concernsinformation securitysmartphone vulnerabilitiesmalicious QR codesidentity theftconsumer awarenesssecurity measurestechnical advancementsscam preventionpublic safetycybersecurity education

Advertisement

Fake Ad Placeholder (Ad slot: ZZZZZZZZZZ)

Related News