Skip to content
New: AI verdicts in plain language.
Scampilot
← All guidesGuide

Quishing (QR-code phishing)

Scammers replace or plant QR codes - on parking meters, letters, emails, restaurant tables - that lead to a fake payment or login page. Because the destination is hidden inside the code, you cannot see where it really goes until it is too late.

Warning signs

  • A QR code in an unexpected email or letter asking you to log in or pay.
  • A sticker QR code placed over the original on a machine or poster.
  • The scanned link goes to a domain unrelated to the brand.

Example

Your parcel is on hold. Scan the QR code to verify your address and pay the EUR 1.99 redelivery fee.

Made-up example - not a real message.

How to protect yourself

  1. 01Preview the URL before opening it, and check it matches the real brand.
  2. 02For payments, use the official app instead of scanning a code you were sent.
  3. 03Be suspicious of QR stickers in public places.

Already caught out?

  1. 01If you entered card or login data, block the card and change the password.
  2. 02Report the location of a tampered QR code to the operator.

Sources

Unsure about a specific message?

Paste it in - Scampilot checks text, links and numbers and explains the verdict.

Check it now