🧪 Step 1: You Just Scanned That?

Remember that code you just scanned a few seconds ago?

What made you trust it?

It's incredibly easy for attackers to replace a legitimate QR code with a malicious one — and most people wouldn't notice.

📦 Step 2: What Is Quishing?

Quishing is phishing via QR code.

Scan, click, enter your info — and it's gone. No red flags, no email spam filter, no second chance.

  • 🕵️‍♂️ Fake login pages with real-looking branding
  • 🐛 Malware downloads in a single tap
  • 🖼️ Poster campaigns with malicious stickers

📦 Step 3: Identify the Bait

Quishing and phishing are similar.

And here's what you need to watch out for in both cases:

  • 🕒 False Urgency: "Your account will be locked in 5 minutes!"
  • 🔗 Suspicious Links: "Click here to verify your account"
  • 🐞 Unexpected Attachments: "Open the attached file urgently!"
  • 📸 QR Codes: "Scan this code to resolve the problem!"
  • 😭 Emotional Manipulation: "I'm going to lose my job!"
  • 🖼️ Trustworthy Design: Familiar company branding
  • Fake Security: "Secured with military-grade encryption!"

🔐 Step 4: How to Not Get Owned

  • 👁️‍🗨️ Check the link before opening — some phones show it
  • 💡 Ask: do I trust the source of this QR code or link?
  • 🚫 Don't scan random codes in public places
  • 🫣 Look carefully: does the website actually match what you expected?

Suspicious link:

http://login-verify.ru

Genuine link:

https://yourbank.com

🧠 Step 5: Let's See if You Learned Anything

Drag each scenario into the correct box.

Note: on a mobile device, you may need to long-press the items to drag them.

✅ Safe

🚫 Suspicious