Quished

Quishing, also known as QR code phishing, involves tricking someone into scanning a phony QR code with their phone or device. The QR code then takes the user to a fraudulent website that might download malware or ask for sensitive information. It’s the latest trend used by scammers to get to your hard-earned cash. Once scanned, scam codes will take you to a bogus website where you innocently input your details thinking you’re paying for a service or visiting the genuine site, when in fact, you’re sharing all your personal details with the scammers.

"I scanned a QR code to pay for my parking and I was quished!"
"The fuck does that mean?"
"I was scammed!"

If the QR is on a poster in a public area, always check whether it appears to have been stuck over the original. If the sign or notice is laminated and the QR code is under the lamination or part of the original print, chances are it’s more likely to be genuine.

If in doubt download the app from the official Google or Apple store or search the website on your phone’s internet browser, rather than scanning a QR code to take you there. It may take longer, but it’s more secure.

Check the preview of the QR code's URL before opening it to see if it appears legitimate. Make sure the website uses HTTPS rather than HTTP, doesn't have obvious misspellings and has a trusted domain.

Trust your instincts. If something doesn’t seem right, don’t share your details.