Scam Message Checker
Message-based fraud

Quishing (QR-code phishing)

Quick answer

Quishing is phishing that uses QR codes to direct you to a fake website or payment page.

  • Check the domain carefully and use the official app or website to pay instead.

What it is

Quishing is phishing that uses QR codes to direct you to a fake website or payment page.

How it works

A QR code appears on a sticker, poster, email, parking meter, or message. Scanning it opens a link that imitates a real service and asks for payment or login details.

Red flags to watch for

  • A QR code placed over an existing one
  • A QR code in an unexpected email or message
  • A page that asks for payment or login after scanning

Example

A sticker on a parking meter shows a QR code to pay for parking. This is risky because scammers cover real codes with fake ones leading to payment-stealing pages.

What not to do

  • Do not enter details on the opened page
  • Do not pay through the linked page

The safe next step

Check the domain carefully and use the official app or website to pay instead.

Often seen on: Printed codes, Email, SMS.

Commonly targets: Drivers paying for parking, Diners, Shoppers.

How to verify safely

  • Do not use links, phone numbers, QR codes, or email addresses from the suspicious message.
  • Open the official app or website yourself - type the address manually.
  • Call a contact you have saved, or the number printed on your bank card.
  • If you are threatened or in immediate danger, contact local emergency services or police.

How to report it

Report a tampered public QR code to the venue or operator, and the scam to your authority.

Find official links for your country in the scam reporting directory.

Got a message like this?

Check it now to see the specific red flags and what to do next.

Check a message

Related scam types

Smishing (SMS phishing)Smishing is phishing carried out through SMS text messages, often impersonating delivery companies, banks, or government agencies.PhishingPhishing is when a scammer pretends to be a trusted person or organisation to trick you into revealing passwords, codes, or financial details, or into clicking a malicious link.Toll payment scamA scammer claims you owe a small unpaid toll and must pay quickly to avoid penalties.

Frequently asked questions

What is a quishing (qr-code phishing)?

Quishing is phishing that uses QR codes to direct you to a fake website or payment page.

How can I avoid a quishing (qr-code phishing)?

Check the domain carefully and use the official app or website to pay instead.

What should I do if I have already been affected?

Contact your bank or the relevant provider through official channels, change any exposed passwords from a trusted device, and save evidence. See our recovery guides, and be wary of recovery scams that promise to get your money back for a fee.

Get scam safety updates

Practical scam alerts, new examples, and simple safety tips. No spam. No sensitive message data.

We only collect your email address, optional name, consent status, signup page, and signup time. See our privacy policy.