Quishing (QR phishing)

Phishing that uses a QR code to deliver a malicious URL — bypasses many corporate URL filters.

Quishing puts the malicious URL behind a QR code, often in an email attachment (PDF, image). The code is unreadable to most URL-filtering gateways, but a mobile camera will open it instantly.

Quishing has grown sharply since 2023 — it's effective specifically against companies whose security tooling inspects email links but not images.

If you must scan a code from an email or printout, use a QR app that previews the URL first, and apply the same suspicion you would to any other unknown link.

Related terms

Phishing

Fraudulent attempt to steal credentials or money by impersonating a trusted entity, usually via email or a fake website.

Smishing (SMS phishing)

Phishing delivered via SMS text message. Mobile-targeted attacks that exploit the trust placed in text messages.

Got a URL you're unsure about?

Paste it into our free scanner — verdict in seconds, 10+ threat-intel sources.

Scan a URL →