NBC 5 Responds

New scam alert: What is ‘Quishing,' and how can you protect yourself?

NBC 5 Responds has information on a new type of scam called- “quishing” or ‘OR phishing’ and how you can avoid falling victim to it.

NBC Universal, Inc.


You can’t go to a restaurant or store without seeing QR codes, with more than 89 million Americans using them on mobile devices according to new data.

With that surge in usage comes a warning about how that spike in popularity has scammers looking to take advantage.

NBC 5 Responds has information on a new type of scam called- “quishing” or ‘OR phishing’ - and how you can avoid falling victim to it.

QR codes are everywhere, and their popularity spiked during the COVID pandemic. At a basic level, they are a machine readable image that you scan with your smart phone camera.

Once you scan a QR code, your phone translates that image to a link, taking you to things like restaurant menus or doctors office check-ins.

That ease of access comes at a high cost. New research by Checkpoint shows QR code phishing scams have risen more than 587% from August to September of this year alone.

Scammers are creating fake QR codes, which once scanned, can take you to spoofed websites. The scam may start with an email from your bank, employer or other reputable business. You’re asked to scan a QR code for a variety of reasons- for example to check into an upcoming appointment, or view an invoice. After scanning a fake QR code, you can be taken to a spoofed website- where you are asked to log in to your bank, work or email account.

That’s how scammers steal your personal info.

Potentially more alarming however, is that some fake QR codes can take you to a site that automatically downloads malware onto your device. So how do you avoid this?

“When you do scan a QR code on your phone, a little link preview will come up show, it'll show you the URL that it's going to go to,” said Jeremy Fuchs, security research analyst with Checkpoint.” If you're at a doctor's office [check] ‘Is it going to my doctor's portal?’ It is impossible to get rid of QR codes at this point, they're sort of baked into our everyday. So just kind of thinking about common sense, like that helps.”

You’re more likely to encounter these fake QR codes through email than at your favorite restaurant, simply due to logistics. So if you do receive one in your inbox, be sure to verify that the email you’re receiving is really from a legitimate source before you scan that QR code.

Contact Us