Digital Security Advisory: QR Code Phishing (Quishing) Attacks on the Rise

What’s the Risk?

The Digital Shared Services Information Security team is warning all staff about a growing threat involving quishing attacks.

Quishing, short for QR phishing, uses QR codes embedded in documents to redirect users to malicious websites designed to steal credentials, install malware, or trick users into entering sensitive information.

What You Should Do

• Do not scan any QR codes in emails unless you are confident in the sender’s identity and the purpose of the message.
• Verify the source using a trusted method (e.g., phone call or internal messaging) before scanning a QR code.
• Use a secure QR scanner that lets you preview the destination URL before opening it. The default camera app on most Samsung and Apple phones allows you to do this.
• Report suspicious emails to the Digital Shared Services Information Security team immediately.

Stay Cyber Aware

The Information Security team is actively monitoring for this threat, but your awareness and caution is essential to maintaining a secure digital environment. If you receive an email with a QR code and are unsure about its legitimacy, do not scan it and report the email using our reporting suspicious emails process.

Submitted by:  Digital Shared Services