All about quishing and how to avoid this scam

Quishing is a modern form of classic phishing with one fundamental difference: it uses QR codes as the way into your mobile phone to scam you. Today we look at how this type of scam works and how to avoid it.

What is quishing?

Quishing, also known as QR phishing, is a type of cyber attack that uses QR codes with malicious intent to deceive users and steal their information and documents, or even dox them.

Typically, a quishing attack starts with a QR code that encodes a link to a malicious website. These codes can be found everywhere. When the user scans the code, they end up on a website whose objective is to obtain their information. On this website, the user is tricked into giving up their information or access to their device for fraudulent purposes.

As you can see, quishing has a physical component, while phishing is usually completely digital. By this I mean that quishing is often carried out in the real world with stickers placed over legitimate QR codes. Since we cannot easily tell one QR code from another, we end up reading the code with our mobile phone and opening the malicious link.

Traditional forms of phishing are usually more controlled, since more security measures exist that try to stop this type of scam. The problem is that QR codes can be found anywhere, and if they are well placed they can look legitimate even when they are not. To prevent your information from being stolen or your rights from being violated, I am going to explain how you can avoid quishing attacks.

How to avoid a quishing attack

The easiest way to avoid a quishing attack is to avoid scanning QR codes. This is a very reductionist way of acting against quishing, but it is the most effective. If we do not use the scanner to open the link in a QR code, we cannot fall for quishing.

Now, in some situations we are forced to scan a QR code. If you find yourself in this situation, what you should do is wait to see the address of the page the link takes you to. This requires some knowledge of the Internet, but you have to try to work out whether that website is fraudulent or not.

This is easier to detect when we know what fraudulent links look like. You can usually see spelling or even grammatical errors in the destination URL. In short, when you scan a QR code, don't just click "Go to link". Instead, wait for the information about the website you are about to open to appear and search for it on Google to see what other Internet users think.

Finally, it is recommended that you use two-step verification, which gives you extra security in case your mobile ends up being compromised through quishing.

What happens if I fall victim to quishing?

The most common outcome of a quishing scam is that the attacker uses the stolen information to create fake accounts in the victim's name. Bank details are also used to make fraudulent purchases, and stolen financial information is used to make unauthorized bank transfers.

In addition to this, the malicious website may contain malware that installs directly on the victim's device when they visit it. This malware can do anything on your device, from stealing your personal information and photos to logging your keystrokes, controlling your device, or even taking your health tracking data.

If you think you are a victim of quishing, the first thing you should do is report it to the authorities so that they are aware of the situation. In addition to this, it is essential that you change the keys and passwords of all your accounts. I would start with the bank and financial accounts and then move on to the rest. This way you can minimize possible losses. Additionally, to avoid major problems you can try to factory reset the device.

At AndroidGuías, we recommend that you inspect every QR code and, as we do with card terminals and vending machines, verify that no code has been pasted on top of it to impersonate the original link.
