Quishing Attacks Up 587% Since 2024

Quishing Detection

Quishing = QR + Phishing. Attackers use QR codes to bypass email filters and trick victims into visiting malicious sites. Don't be the next target.

Check QR Code Safety

Drag & drop a QR code image here, or click to upload.
(Zero-Trust: Your image never leaves this device)

What is Quishing?

Quishing (QR Code Phishing) is a social engineering attack where criminals embed malicious URLs in QR codes. Unlike traditional phishing emails that can be filtered, QR codes bypass most security measures because the link is hidden until scanned.

Attackers place fake QR codes in physical locations (parking meters, restaurant tables, ATMs) or send them via email, text messages, and social media. When victims scan the code, they're redirected to fake login pages, malware downloads, or cryptocurrency drainers.

587%

Increase in Quishing

$12M

Lost to QR Scams (2024)

76%

Users Trust QR Codes

Growing Attack Vector

Common Quishing Attack Vectors

Email QR Codes

Fake invoices, shipping notifications, or MFA reset emails containing malicious QR codes that bypass spam filters.

Payment Hijacking

Fake QR codes placed over legitimate payment terminals at parking meters, vending machines, and restaurants.

Social Engineering

QR codes on fake flyers, posters, or business cards promising discounts, prizes, or exclusive content.

How RexoGate Detects Quishing

Detects typosquatting domains (paypa1.com, g00gle.com)

Identifies Punycode homograph attacks (xn-- domains)

Flags phishing keywords (login, verify, account, etc.)

Warns about URL shorteners hiding malicious destinations

Blocks javascript: and data: URI attacks

Don't Become a Quishing Victim

Check every suspicious QR code before scanning.