# Quishing.app — QR Code Phishing Awareness

> Quishing.app is an educational resource about QR code phishing (quishing) — a fast-growing social engineering attack that hides malicious links inside QR codes. The site promotes QR Code Check, a free iOS app that scans QR codes for threats before you open them.

## What is Quishing?

Quishing (QR phishing) is a cyberattack where criminals embed malicious URLs inside QR codes. Unlike traditional phishing links in emails, QR codes bypass email security filters entirely because the link is encoded in an image. Victims cannot see where a QR code leads until they scan it, making quishing one of the most deceptive attack vectors in modern cybersecurity.

Quishing attacks have increased by over 587% in the last 12 months. An estimated 1 in 4 phishing emails now contain QR codes, and 89% of quishing attacks target mobile devices.

## How Quishing Works

1. **Placement** — An attacker prints a fake QR code and places it over a legitimate one (parking meter, restaurant menu, public poster) or distributes it via email, flyer, or delivery notice.
2. **Scan** — The victim scans the code expecting a menu, payment portal, document, or Wi-Fi login.
3. **Redirect** — The QR code opens a malicious URL that mimics a trusted website (bank, courier service, employer portal, payment processor).
4. **Harvest** — The victim enters login credentials, payment details, or downloads malware, giving the attacker access to accounts, funds, or devices.

## Real-World Quishing Scenarios

### Parking Meter QR Scam
Fake QR code stickers placed over legitimate payment codes on city parking meters. Victims are redirected to fraudulent payment pages that capture credit card details. Red flags: URL mismatch, sticker overlay, asks for CVV, no HTTPS.

### Restaurant QR Menu Scam
Tampered QR codes replace legitimate menu codes at cafes and restaurants. Victims are directed to phishing sites that collect payment info or prompt malicious app downloads. Red flags: tampered sticker, fake ordering page, app download prompt.

### Delivery Notice QR Scam
Fake missed-delivery cards left on doorsteps with a QR code to "reschedule delivery." Leads to phishing pages mimicking major couriers (Australia Post, FedEx, DHL) that collect personal and payment data. Red flags: fake courier branding, redelivery fee, personal data harvest.

### Office Phishing Email QR Scam
Employees receive urgent emails containing QR codes — "scan to access shared documents" or "verify your credentials." Because the malicious link is inside a QR code image, it bypasses corporate email security filters. Leads to fake Microsoft 365, Google Workspace, or SSO login pages. Red flags: bypasses email filters, urgency tactics, credential harvest, fake SSO page.

### Airport & Travel Wi-Fi QR Scam
Posters in airports, hotels, and cafes offer "free Wi-Fi" via QR code. Scanned codes connect travellers to rogue access points or captive portals that harvest login credentials. Some variants install device profiles that intercept traffic. Red flags: rogue access point, domain mismatch, profile install.

### Crypto & Payment QR Scam
Attackers swap legitimate payment QR codes with their own wallet addresses in invoices and at point-of-sale. Since cryptocurrency transactions are irreversible, stolen funds cannot be recovered. Red flags: wallet address swap, irreversible transfer, drainer contract.

## How to Protect Yourself from Quishing

- **Inspect before scanning** — Look for stickers placed over existing QR codes, uneven edges, or codes that look out of place.
- **Preview the URL first** — After scanning, check the URL before tapping. Look for misspellings, unusual domains, or unexpected redirects.
- **Never enter credentials from a QR code** — Legitimate services rarely ask for login details through a QR code link.
- **Verify the source** — If a QR code claims to be from a business, verify by going directly to their official website.
- **Report suspicious codes** — If you find a tampered QR code in public, report it to the venue or local authorities.
- **Use QR Code Check** — QR Code Check is a free iOS app that analyses QR codes for threats using multi-source threat intelligence and on-device AI before you open the link.

## QR Code Check App

QR Code Check is a free QR code security scanner for iOS that helps users detect suspicious QR links before opening them. It uses multi-source threat intelligence and on-device machine learning to assess risk — no data leaves your device.

- **App Store**: https://apps.apple.com/us/app/qr-code-check/id6759892910
- **Website**: https://qrcodecheck.app
- **Platform**: iOS (iPhone, iPad)
- **Price**: Free

## Keywords and Topics

This site covers: quishing, QR code phishing, QR phishing, fake QR code, malicious QR code, QR scam, QR code security, suspicious QR code, phishing protection, safe QR scanner, secure QR scanner, QR code checker, QR link checker, suspicious link checker, safe link checker, malicious link scanner, phishing link scanner, parking meter QR scam, restaurant QR scam, fake menu QR code, package delivery QR scam, suspicious payment QR, office QR phishing, wifi QR scam, fake parking payment QR, scam protection, fraud prevention, malware protection, mobile phishing protection, travel safety app, tourist safety app, airport QR scam, hotel QR scam, public QR code safety, payment QR checker, crypto QR safety, wallet link checker.

## Contact

- Support: support@ioi.net.au
- Privacy: privacy@ioi.net.au
- Website: https://quishing.app
- Companion site: https://qrcodecheck.app